NATIONAL CRITICAL INFORMATION INFRASTRUCTURE PROTECTION CENTRE (NCIIPC)

A Unit of National Technical Research Organisation


Alert and Advisories

  • Palo Alto Networks Released Security Updates (20 Nov 2024)

    Palo Alto Networks has released security updates to resolve an authentication bypass vulnerability in the Management Web Interface. The affected versions are PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software on PA-Series, VM-Series, and CN-Series firewalls and on Panorama (virtual and M-Series) and WildFire appliances.
    CVE ID: CVE-2024-0012 (Critical)

  • CVE - KB Correlation (20 Nov 2024)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during Nov 2024.

  • Vulnerability in Cesanta Mongoose Web Server (19 Nov 2024)

    A use of out-of-range pointer offset vulnerability has been discovered in Cesanta Mongoose Web Server. The affected version is Cesanta Mongoose Web Server v7.14.
    CVE ID: CVE-2024-42383 (Critical)

  • Vulnerability in Synology BeePhotos (19 Nov 2024)

    A command injection vulnerability has been discovered in the Task Manager component of Synology BeePhotos. The affected versions are Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795.
    CVE ID: CVE-2024-10443 (Critical)

  • Vulnerability in Apereo CAS (19 Nov 2024)

    An improper authentication vulnerability has been discovered in Apereo CAS. The affected version is Apereo CAS 6.6.
    CVE ID: CVE-2024-11209 (Critical)

  • Red Hat Security Updates (14 Nov 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • WordPress Security Update for Chartify – WordPress Chart Plugin (13 Nov 2024)

    WordPress has released a security update to resolve a local file inclusion vulnerability, via the 'source' parameter, that allows an attacker to bypass access controls, obtain sensitive data, or achieve code execution in Chartify – WordPress Chart Plugin. The affected versions are all versions of Chartify – WordPress Chart Plugin up to, and including, 2.9.5.
    CVE ID: CVE-2024-10571 (Critical)

  • WordPress Security Update for Chartify – WordPress Chart Plugin (13 Nov 2024)

    WordPress has released a security update to resolve a PHP object injection vulnerability in the Migration, Backup, Staging – WPvivid plugin. The affected versions are all versions of the Migration, Backup, Staging – WPvivid plugin up to, and including, 0.9.107.
    CVE ID: CVE-2024-10962 (High)

  • Google Released Security Updates for Chrome (13 Nov 2024)

    Google has released Chrome 132.0.6834.6 of Chrome 132 to the Beta channel for Windows, Mac & Linux and Dev channel OS version 132.0.6834.0 Platform version 16093.2.0 for most ChromeOS devices.

  • Microsoft Released November 2024 Security Updates (13 Nov 2024)

    Microsoft has released security updates to address critical, high, and medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • WordPress Security Update for MultiManager WP – Manage All Your WordPress Sites Easily plugin (12 Nov 2024)

    WordPress has released a security update to resolve an authentication bypass vulnerability in the MultiManager WP – Manage All Your WordPress Sites Easily plugin. The affected versions are all versions of the MultiManager WP – Manage All Your WordPress Sites Easily plugin up to, and including, 1.0.5.
    CVE ID: CVE-2024-11028 (Critical)

  • WordPress Released Security Update for WordPress User Extra Fields plugin (12 Nov 2024)

    WordPress has released a security update to resolve an arbitrary file deletion vulnerability in the WordPress User Extra Fields plugin. The affected versions are WordPress User Extra Fields plugin, all versions up to, and including, 16.6.
    CVE ID: CVE-2024-11150 (Critical)

  • Microsoft Security Updates for Windows Kerberos (12 Nov 2024)

    Microsoft has released security updates to resolve the Remote Code Execution (RCE) vulnerability in Windows Kerberos affecting several Windows servers.
    CVE ID: CVE-2024-43639 (Critical)

  • Microsoft Security Updates for Azure CycleCloud Tool (12 Nov 2024)

    Microsoft has released security updates to resolve the Remote Code Execution (RCE) vulnerability in several versions of Azure CycleCloud tool.
    CVE ID: CVE-2024-43602 (Critical)

  • Microsoft Security Updates for .NET and Microsoft Visual Studio (12 Nov 2024)

    Microsoft has released security updates to resolve the Remote Code Execution (RCE) vulnerability in .NET and Microsoft Visual Studio. The affected products are .NET 9.0 installed on Linux, Windows & macOS and Microsoft Visual Studio 2022 versions 17.11, 17.10, 17.8 & 17.6.
    CVE ID: CVE-2024-43498 (Critical)

  • Siemens Security Updates for SINEC INS (12 Nov 2024)

    Siemens has released security updates to resolve multiple vulnerabilities in SINEC INS. The affected versions are all versions of SINEC INS, before V1.0 SP2 Update 3.
    CVE ID: CVE-2024-46890 (Critical), CVE-2024-46888 (Critical)

  • Siemens Security Updates for SINEC INS (12 Nov 2024)

    Siemens has released security updates to resolve a deserialization vulnerability in TeleControl Server Basic. The affected version is TeleControl Server Basic V3.1.
    CVE ID: CVE-2024-44102 (Critical)

  • Google Released Security Updates for Chrome (12 Nov 2024)

    Google has released Chrome 131 131.0.6778.39 for Android, Stable channel OS version 16033.58.0 Browser version 130.0.6723.126 for most ChromeOS devices, Extended Stable channel 130.0.6723.127 for Windows & Mac, Chrome Stable 131 131.0.6778.73 for iOS and Chrome 131 131.0.6778.69 for Linux & 131.0.6778.69/.70 for Windows & Mac to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-11110 (High), CVE-2024-11111 (Medium), CVE-2024-11112 (Medium), CVE-2024-11113 (Medium), CVE-2024-11114 (Medium), CVE-2024-11115 (Medium), CVE-2024-11116 (Medium), CVE-2024-11117 (Low)

  • Red Hat Security Updates (12 Nov 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Fortinet Security Updates for FortiAnalyzer, FortiAnalyzer-BigData and FortiManager (12 Nov 2024)

    Fortinet has released security updates to resolve a server-side security vulnerability in FortiAnalyzer, FortiAnalyzer-BigData and FortiManager. The affected products are FortiAnalyzer versions 7.4, 7.2, 7.0 & 6.8, FortiAnalyzer-BigData versions 7.4, 7.2, 7.0, 6.4 & 6.2 and FortiManager versions 7.4, 7.2, 7.0 & 6.4.
    CVE ID: CVE-2024-23666 (High)

  • Fortinet Security Updates for FortiAnalyzer, FortiAnalyzer-BigData and FortiManager (12 Nov 2024)

    Fortinet has released security updates to resolve an SSLVPN session hijacking using SAML authentication vulnerability in FortiOS. The affected products are FortiOS versions 7.4, 7.2 & 7.0.
    CVE ID: CVE-2023-50176 (High)

  • Fortinet Security Updates for FortiClient Windows (12 Nov 2024)

    Fortinet has released security updates to resolve a privilege escalation vulnerability in FortiClient Windows. The affected products are FortiClientWindows 7.2, 7.0 & 6.4.
    CVE ID: CVE-2024-36513 (High)

  • Fortinet Security Updates for FortiClientWindows (12 Nov 2024)

    Fortinet has released security updates to resolve an authentication bypass vulnerability in FortiClient Windows. The affected products are FortiClientWindows 7.4, 7.2, 7.0 & 6.4.
    CVE ID: CVE-2024-47574 (High)

  • Adobe Security Updates (12 Nov 2024)

    Adobe has released security updates to address multiple vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-39397 (Critical)

  • Ivanti Released Security Updates (12 Nov 2024)

    Ivanti has released security updates to address multiple vulnerabilities in its various products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-8190 (High)

  • Citrix Security Updates (12 Nov 2024)

    Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording. An attacker can exploit these vulnerabilities to take control of an affected system.

  • Subnet Solutions Security Updates for PowerSYSTEM Center (12 Nov 2024)

    Subnet Solutions has released security updates to resolve multiple vulnerabilities in its equipment PowerSYSTEM Center. The affected versions are PowerSYSTEM Center PSC 2020: v5.22.x and prior.
    CVE ID: CVE-2024-45490 (High), CVE-2024-45491 (Critical), CVE-2024-45492 (Critical)

  • Multiple vulnerabilities in Hitachi Energy equipment TRO600 Series (12 Nov 2024)

    Multiple vulnerabilities have been discovered in Hitachi Energy equipment TRO600 Series. The affected products are Hitachi Energy TRO600 series firmware versions 9.0.1.0 - 9.2.0.0 and Hitachi Energy TRO600 series firmware versions 9.1.0.0 - 9.2.0.0.
    CVE ID: CVE-2024-41153 (High), CVE-2024-41156 (Medium)

  • Red Hat Security Updates (11 Nov 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (11 Nov 2024)

    Google has released LTS-126 version 126.0.6478.257 Platform version 15886.82.0 for most ChromeOS devices to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-10487 (Critical), CVE-2024-10231 (High), CVE-2024-10229 (High), CVE-2024-9958 (Medium), CVE-2024-9963 (Medium)

  • Vulnerability in WordPress Relais 2FA plugin (11 Nov 2024)

    An authentication bypass vulnerability has been discovered in the WordPress Relais 2FA plugin. The affected versions are Relais 2FA plugin versions up to, and including, 1.0.
    CVE ID: CVE-2024-10245 (Critical)

  • WordPress Released Security Update for WP Membership plugin (08 Nov 2024)

    WordPress has released a security update to resolve an arbitrary file upload vulnerability in the WP Membership plugin. The affected versions are WP Membership plugin, all versions up to, and including, 1.6.2.
    CVE ID: CVE-2024-10547 (Critical)

  • WordPress Released Security Update for WPLMS Learning Management System (08 Nov 2024)

    WordPress has released a security update to resolve an arbitrary file read and deletion vulnerability in the WPLMS Learning Management System. The affected versions are WPLMS Learning Management System, all versions up to, and including, 4.962.
    CVE ID: CVE-2024-10470 (Critical)

  • Vulnerability in WordPress Debug Tool plugin (08 Nov 2024)

    An arbitrary file creation vulnerability has been discovered in the WordPress Debug Tool plugin. The affected versions are Debug Tool plugin, all versions up to, and including, 2.2.
    CVE ID: CVE-2024-10586 (Critical)

  • WordPress Released Security Updates for WooCommerce Support Ticket System plugin (08 Nov 2024)

    WordPress has released security updates to resolve arbitrary file upload and arbitrary file deletion vulnerabilities in the WooCommerce Support Ticket System plugin. The affected versions are WooCommerce Support Ticket System plugin, all versions up to, and including, 17.7.
    CVE ID: CVE-2024-10627 (Critical), CVE-2024-10625 (Critical)

  • WordPress Released Security Update for WordPress User Extra Fields plugin (08 Nov 2024)

    WordPress has released a security update to resolve an arbitrary file upload vulnerability in the WordPress User Extra Fields plugin. The affected versions are WordPress User Extra Fields plugin, all versions up to, and including, 16.5.
    CVE ID: CVE-2024-10801 (Critical)

  • Vulnerabilities in WordPress CE21 Suite plugin (08 Nov 2024)

    Authentication bypass and information disclosure vulnerabilities have been discovered in the WordPress CE21 Suite plugin. The affected versions are CE21 Suite plugin, versions up to, and including, 2.2.0.
    CVE ID: CVE-2024-10285 (Critical), CVE-2024-10284 (Critical)

  • WordPress Released Security Update for RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin (08 Nov 2024)

    WordPress has released a security update to resolve a privilege escalation vulnerability in the RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin. The affected versions are WordPress User Extra Fields plugin, all versions up to, and including, 16.5.
    CVE ID: CVE-2024-10508 (Critical)

  • WordPress Released Security Update for Leopard - WordPress Offload Media plugin (08 Nov 2024)

    WordPress has released a security update to resolve a privilege escalation vulnerability in the Leopard - WordPress Offload Media plugin. The affected versions are Leopard - WordPress Offload Media plugin, all versions up to, and including, 3.1.1.
    CVE ID: CVE-2024-10589 (Critical)

  • WordPress Released Security Update for Category Ajax Filter plugin (08 Nov 2024)

    WordPress has released a security update to resolve a local file inclusion vulnerability in the Category Ajax Filter plugin. The affected versions are Category Ajax Filter plugin, all versions up to, and including, 2.8.2.
    CVE ID: CVE-2024-10871 (Critical)

  • Vulnerability in openimaj (06 Nov 2024)

    An XML External Entity (XXE) vulnerability has been discovered in Dmoz2CSV of openimaj. The affected version is Dmoz2CSV in openimaj v1.3.10.
    CVE ID: CVE-2024-51136 (Critical)

  • Vulnerability in Draytek Vigor3900 (05 Nov 2024)

    An arbitrary command execution vulnerability has been discovered in Draytek Vigor3900. The affected version is Draytek Vigor3900 1.5.1.3.
    CVE ID: CVE-2024-51252 (Critical)

  • Vulnerability in Tongda (04 Nov 2024)

    A SQL injection vulnerability has been discovered in Tongda OA 2017. The affected versions are Tongda OA 2017 up to 11.10.
    CVE ID: CVE-2024-10732 (Critical)

  • Vulnerability in Tenda (04 Nov 2024)

    A stack-based buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC6 15.03.05.19.
    CVE ID: CVE-2024-10698 (Critical)

  • Vulnerability in Tenda (04 Nov 2024)

    A command injection vulnerability has been discovered in Tenda. The affected version is Tenda AC6 15.03.05.19.
    CVE ID: CVE-2024-10697 (Critical)

  • Vulnerability in LevelOne WBR-6012 Router (01 Nov 2024)

    A vulnerability has been discovered in the LevelOne WBR-6012 router's web application that allows an attacker to change the administrator password and gain higher privileges without the current password. The affected version is LevelOne WBR-6012 router firmware version R0.40e6.
    CVE ID: CVE-2024-33699 (Critical)

  • Vulnerability in Tenda (01 Nov 2024)

    A stack-based buffer overflow vulnerability has been discovered in Tenda. The affected versions are Tenda AC1206 up to 20241027.
    CVE ID: CVE-2024-10434 (Critical)

  • Vulnerability in SECOM (01 Nov 2024)

    A vulnerability has been discovered in SECOM wireless router WRTM326, which does not properly validate a specific parameter; an attacker could execute arbitrary system commands by sending crafted requests.
    CVE ID: CVE-2024-10119 (Critical)

  • Vulnerability in AA-Team WZone (01 Nov 2024)

    A missing authorization vulnerability has been discovered in AA-Team WZone. The affected versions are WZone from n/a through 14.0.10.
    CVE ID: CVE-2024-33545 (Critical)

  • Red Hat Security Updates (01 Nov 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in langchain (31 Oct 2024)

    A SQL injection vulnerability has been discovered in the GraphCypherQAChain class of langchain-ai/langchainjs. The affected versions are GraphCypherQAChain class of langchain-ai/langchainjs version 0.2.5 and all versions with this class.
    CVE ID: CVE-2024-7042 (Critical)

  • Vulnerability in Meetup (31 Oct 2024)

    An authorization bypass vulnerability has been discovered in Meetup. The affected versions are Meetup: from n/a through 0.1.
    CVE ID: CVE-2024-50483 (Critical) 

  • Multiple Vulnerabilities in Rockwell Automation FactoryTalk ThinManager Equipment (31 Oct 2024)

    Multiple vulnerabilities have been discovered in Rockwell Automation FactoryTalk ThinManager equipment. The affected versions are ThinManager: versions 11.2.0 to 11.2.9, versions 12.0.0 to 12.0.7, versions 12.1.0 to 12.1.8, versions 13.0.0 to 13.0.5, versions 13.1.0 to 13.1.3, versions 13.2.0 to 13.2.2, and version 14.0.0. Mitigations and workarounds are available.
    CVE ID: CVE-2024-10386 (Critical), CVE-2024-10387 (High)

  • Microsoft Edge Security Updates (31 Oct 2024)

    Microsoft has released updated Microsoft Edge Stable Channel (Version 130.0.2849.68) to resolve vulnerabilities.

  • Google Released Security Updates for Chrome (30 Oct 2024)

    Google has released Chrome Beta 131 (131.0.6778.22) for iOS, Chrome Beta 131 (131.0.6778.22) for Android, and Beta channel 131.0.6778.24 for Windows, Mac and Linux.

  • Red Hat Security Updates (30 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Mozilla Released Security Updates (29 Oct 2024)

    Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 132, Thunderbird 128.4, Firefox ESR 115.17, Firefox ESR 128.4, Firefox 132. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-10458 (High), CVE-2024-10459 (High), CVE-2024-10460 (Medium), CVE-2024-10461 (Medium), CVE-2024-10462 (Medium), CVE-2024-10463 (Medium), CVE-2024-10464 (Low), CVE-2024-10465 (Low), CVE-2024-10466 (Low), CVE-2024-10467 (Medium), CVE-2024-10468 (Medium)

  • Vulnerability in Crypto plugin for WordPress (29 Oct 2024)

    An authentication bypass vulnerability has been discovered in the Crypto plugin for WordPress. The affected versions are Crypto plugin for WordPress up to, and including, 2.15.
    CVE ID: CVE-2024-9989 (Critical)

  • Vulnerability in IBM (29 Oct 2024)

    A static credentials vulnerability has been discovered in IBM Flexible Service Processor. The affected versions are IBM Flexible Service Processor FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10. Security updates are available.
    CVE ID: CVE-2024-45656 (Critical)

  • Multiple Vulnerabilities in Siemens' Equipment InterMesh (29 Oct 2024)

    Multiple vulnerabilities have been discovered in several of Siemens' InterMesh equipment. Siemens has released workarounds and mitigations to resolve these vulnerabilities.
    CVE ID: CVE-2024-47901 (Critical), CVE-2024-47902 (High), CVE-2024-47903 (High), CVE-2024-47904 (High)

  • Vulnerability in Delta Electronics' Equipment (29 Oct 2024)

    A deserialization of untrusted data vulnerability has been discovered in Delta Electronics' equipment, InfraSuite Device Master. The affected versions are InfraSuite Device Master: versions 1.0.12 and prior. Security updates are available.
    CVE ID: CVE-2024-10456 (Critical)

  • Apple Security Updates (29 Oct 2024)

    Apple has released security updates to address multiple vulnerabilities in Safari 18.1. An attacker can exploit these vulnerabilities to take control of an affected device.
    CVE ID: CVE-2024-44259, CVE-2024-44229, CVE-2024-44296, CVE-2024-44244

  • Red Hat Security Updates (28 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Sunnet (27 Oct 2024)

    A SQL injection vulnerability has been discovered in eHDR CTMS of Sunnet that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
    CVE ID: CVE-2024-10440 (Critical)

  • Vulnerability in Wux Blog Editor plugin for WordPress (26 Oct 2024)

    An unauthenticated arbitrary file upload vulnerability has been discovered in the Wux Blog Editor plugin for WordPress. The affected versions are Wux Blog Editor plugin for WordPress up to, and including, 3.0.0.
    CVE ID: CVE-2024-9932 (Critical)

  • Vulnerability in Trend Micro Deep Discovery Inspector (25 Oct 2024)

    A vulnerability has been discovered in Trend Micro Deep Discovery Inspector that allows an attacker to disclose sensitive information on affected installations. The affected versions are Trend Micro Deep Discovery Inspector versions 5.8 and above.
    CVE ID: CVE-2024-46902 (Critical)

  • Vulnerability in IBM Concert (25 Oct 2024)

    A vulnerability has been discovered in IBM Concert. The affected versions are IBM Concert 1.0.0 and 1.0.1.
    CVE ID: CVE-2024-43177 (Critical)

  • Vulnerability in Tenda (25 Oct 2024)

    A stack-based buffer overflow vulnerability has been discovered in Tenda FH1201. The affected version is Tenda FH1201 v1.2.0.14.
    CVE ID: CVE-2024-41461 (Critical)

  • Google Released Security Updates for Chrome (24 Oct 2024)

    Google has released Chrome Dev 132 (132.0.6793.3) for Android and Dev channel 132.0.6793.2 for Windows, Mac and Linux.

  • Fortinet Released Security Updates (24 Oct 2024)

    Fortinet has released security updates to address a missing authentication for critical function vulnerability in FortiManager. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-47575 (Critical)

  • Red Hat Security Updates (24 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in VIMESA's Equipment (24 Oct 2024)

    An improper access control vulnerability has been discovered in VIMESA's equipment, VHF/FM Transmitter Blue Plus. The affected version is VHF/FM Transmitter Blue Plus v9.7.1. Mitigations are available.
    CVE ID: CVE-2024-9692 (Medium)

  • Vulnerability in iniNet Solutions' Equipment (24 Oct 2024)

    A path traversal vulnerability has been discovered in iniNet Solutions' equipment, SpiderControl SCADA PC HMI Editor. The affected version is SpiderControl SCADA PC HMI Editor version 8.10.00.00.
    CVE ID: CVE-2024-10313 (High)

  • Deep Sea Electronics Security Update (24 Oct 2024)

    Deep Sea Electronics has released a security update to address a missing authentication for critical function vulnerability in its equipment, DSE855. The affected version is DSE855: version 1.0.26.
    CVE ID: CVE-2024-5947 (Medium)

  • Cisco Released Security Updates (23 Oct 2024)

    Cisco has released security updates to address a static credential vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 series.
    CVE ID: CVE-2024-20412 (Critical)

  • Cisco Released Security Updates (23 Oct 2024)

    Cisco has released security updates to address a command injection vulnerability in Cisco Secure Firewall Management Center Software.
    CVE ID: CVE-2024-20424 (Critical)

  • Cisco Released Security Updates (23 Oct 2024)

    Cisco has released security updates to address a command injection vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software.
    CVE ID: CVE-2024-20329 (Critical)

  • Vulnerability in LiteSpeed Technologies (23 Oct 2024)

    An insufficiently protected credentials vulnerability has been discovered in LiteSpeed Cache of LiteSpeed Technologies that allows authentication bypass. The affected versions are LiteSpeed Cache: from n/a before 6.5.0.1.
    CVE ID: CVE-2024-44000 (Critical)

  • Vulnerability in Piyushmca Shipyaari Shipping Management (23 Oct 2024)

    A deserialization of untrusted data vulnerability has been discovered in Piyushmca Shipyaari Shipping Management that allows Object Injection. The affected versions are Shipyaari Shipping Management: from n/a through 1.2.
    CVE ID: CVE-2024-49626 (Critical)

  • Vulnerability in Simple Admin Panel App (23 Oct 2024)

    A SQL injection vulnerability has been discovered in Simple Admin Panel App. The affected version is Simple Admin Panel App v1.0.
    CVE ID: CVE-2024-25223 (Critical)

  • Vulnerability in Zimbra Collaboration (23 Oct 2024)

    A vulnerability has been discovered in the postjournal service of Zimbra Collaboration. The affected versions are Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1.
    CVE ID: CVE-2024-45519 (Critical)

  • Vulnerability in HikCentral Master (22 Oct 2024)

    A CSV injection vulnerability has been discovered in some HikCentral Master Lite versions.
    CVE ID: CVE-2024-47485 (Critical)

  • Red Hat Security Updates (22 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Update for Chrome (21 Oct 2024)

    Google has released Stable channel OS version 16002.60.0 Browser version 129.0.6668.112 for most ChromeOS devices.

  • Vulnerability in Arduino (21 Oct 2024)

    A missing authentication vulnerability has been discovered in the Visual Studio Code extension for Arduino that allows an attacker to perform Remote Code Execution (RCE) through a network attack vector.
    CVE ID: CVE-2024-43488 (Critical)

  • Microsoft Edge Security Updates (20 Oct 2024)

    Microsoft has released Microsoft Edge Stable Channel (Version 130.0.2849.56) to resolve multiple vulnerabilities.

  • CVE - KB Correlation (18 Oct 2024)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during Oct 2024.

  • CVE - KB Correlation (18 Oct 2024)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during Sept 2024.

  • Vulnerability in SECOM WRTR-304GN-304TW-UPSC (18 Oct 2024)

    An OS command injection vulnerability has been discovered in SECOM WRTR-304GN-304TW-UPSC. The affected product is WRTR-304GN-304TW-UPSC V02.
    CVE ID: CVE-2024-10118

  • Vulnerability in Wireless Router WRTM326 from SECOM (18 Oct 2024)

    An OS command injection vulnerability has been discovered in wireless router WRTM326 from SECOM. The affected products are WRTM326 before version 2.3.20.
    CVE ID: CVE-2024-10119

  • Fortinet Released Security Updates for Multiple Products (17 Oct 2024)

    Fortinet has released security updates to address a use of externally-controlled format string vulnerability in FortiOS and FortiSwitchManager. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-23113 (Critical)

  • Multiple Vulnerabilities in Kieback&Peter's Equipment (17 Oct 2024)

    Multiple vulnerabilities have been discovered in Kieback&Peter's equipment, DDC4000 Series. Mitigations are available.
    CVE ID: CVE-2024-41717 (Critical), CVE-2024-43812 (High), CVE-2024-43698 (Critical)

  • Vulnerability in HMS Networks' Equipment (17 Oct 2024)

    An insufficiently protected credential vulnerability has been discovered in HMS Networks' equipment, EWON FLEXY 202. The affected version is EWON FLEXY 202 firmware version 14.2s0. Security updates are available.
    CVE ID: CVE-2024-7755 (High)

  • Multiple Vulnerabilities in Elvaco's Equipment (17 Oct 2024)

    Multiple vulnerabilities have been discovered in Elvaco's equipment, M-Bus Metering Gateway CMe3100. Successful exploitation of these vulnerabilities could allow an attacker to perform Remote Code Execution (RCE), impersonate and send false information, or bypass authentication.
    CVE ID: CVE-2024-49396 (High), CVE-2024-49397 (High), CVE-2024-49398 (Critical), CVE-2024-49399 (High)

  • Vulnerability in LCDS' Equipment (17 Oct 2024)

    A Cross Site Scripting (XSS) vulnerability has been discovered in LCDS' equipment, LAquis SCADA, that allows an attacker to steal cookies, inject arbitrary code, or perform unauthorized actions. The affected version is LAquis SCADA: version 4.7.1.511. Security updates are available.
    CVE ID: CVE-2024-9414 (Critical)

  • Vulnerability in Mitsubishi Electric's Equipment (17 Oct 2024)

    A Denial of Service (DoS) vulnerability has been discovered in Mitsubishi Electric's equipment, CNC Series. Mitigations are available.
    CVE ID: CVE-2024-7316 (Medium)

  • Red Hat Security Updates (17 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Security Update for WordPress Plugin (17 Oct 2024)

    WordPress has released a security update to resolve a privilege escalation vulnerability in the UserPro plugin for WordPress. The affected versions are UserPro plugin for WordPress up to, and including, 3.6.0.
    CVE ID: CVE-2024-9863 (Critical)

  • VMware Security Updates (16 Oct 2024)

    VMware has released security updates to address an Authenticated SQL injection in VMware HCX. The affected versions are VMware HCX 4.8.x, 4.9.x, and 4.10.x.
    CVE ID: CVE-2024-38814 (High)

  • Security Update for WordPress Plugin (16 Oct 2024)

    WordPress has released a security update to resolve an authentication bypass vulnerability in the Nextend Social Login Pro plugin for WordPress. The affected versions are Nextend Social Login Pro plugin for WordPress up to, and including, 3.1.14.
    CVE ID: CVE-2024-9893 (Critical)

  • Dell Released Security Update (16 Oct 2024)

    Dell has released security updates for Dell OpenManage Enterprise. The affected versions are Dell OpenManage Enterprise versions prior to 4.2.0.
    CVE ID: CVE-2024-45766 (High), CVE-2024-45767 (Medium)

  • Red Hat Security Updates (16 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (16 Oct 2024)

    Google has released Dev channel 131.0.6778.0 (Platform version: 16063.2.0) for most ChromeOS devices, Chrome Beta 131 (131.0.6778.2) for Android, Chrome 131.0.6778.3 Beta channel for Windows, Mac and Linux, and Chrome Beta 131 (131.0.6778.2) for iOS.

  • Mozilla Released Security Updates (15 Oct 2024)

    Mozilla has released security updates to address a vulnerability in Firefox for iOS 131.2. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2024-10004 (Medium)

  • Cisco Released Security Updates (16 Oct 2024)

    Cisco has released security updates to address multiple vulnerabilities in Cisco ATA 190 Series Analog Telephone Adapter firmware, Cisco UCS Central Software, and Cisco Unified Contact Center Management Portal.
    CVE ID: CVE-2024-20420 (Medium), CVE-2024-20421 (High), CVE-2024-20458 (High), CVE-2024-20459 (Medium), CVE-2024-20460 (Medium), CVE-2024-20461 (Medium), CVE-2024-20462 (Medium), CVE-2024-20463 (Medium), CVE-2024-20280 (Medium)

  • Vulnerability Summary (15 Oct 2024)

    Summary of vulnerabilities for the week of October 07, 2024.

  • Google Released Security Updates for Chrome (15 Oct 2024)

    Google has released Stable channel OS version 16002.58.0 Browser version 129.0.6668.110 for most ChromeOS devices, LTS-126 version 126.0.6478.255 Platform version 15886.80.0 for most ChromeOS devices, Chrome 130 130.0.6723.58 for Android, Stable channel 130.0.6723.58/.59 for Windows & Mac & 130.0.6723.58 for Linux and Extended Stable channel 130.0.6723.59 for Windows & Mac.
    CVE ID: CVE-2024-9123 (High), CVE-2024-9122 (High), CVE-2024-8905 (High), CVE-2024-9954 (High), CVE-2024-9955 (Medium), CVE-2024-9956 (Medium), CVE-2024-9957 (Medium), CVE-2024-9958 (Medium), CVE-2024-9959 (Medium), CVE-2024-9960 (Medium), CVE-2024-9961 (Medium), CVE-2024-9962 (Medium), CVE-2024-9963 (Medium), CVE-2024-9964 (Medium), CVE-2024-9965 (Medium), CVE-2024-9966 (Medium), CVE-2024-9967 (Medium)

  • Oracle Released October 2024 Critical Patch Update (15 Oct 2024)

    Oracle has released its critical patch update for October 2024 to address 334 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-45492 (Critical), CVE-2023-38408 (Critical), CVE-2024-4577 (Critical), CVE-2023-6816 (Critical), CVE-2022-2068 (Critical), CVE-2024-37371 (Critical), CVE-2022-36760 (Critical), CVE-2022-34381 (Critical), CVE-2024-5535 (Critical), CVE-2024-21216 (Critical), CVE-2024-28752 (Critical), CVE-2022-23305 (Critical), CVE-2023-38545 (Critical), CVE-2024-29736 (Critical), CVE-2024-21172 (Critical), CVE-2022-46337 (Critical)

  • Vulnerability in ChanGate (15 Oct 2024)

    A SQL injection vulnerability has been discovered in the Property Management System of ChanGate that allows injection of arbitrary SQL commands to read, modify, and delete database content.
    CVE ID: CVE-2024-9972 (Critical)

  • Security Update for WordPress Plugin (15 Oct 2024)

    WordPress has released a security update to resolve a path traversal vulnerability in the WordPress File Upload plugin for WordPress. The affected versions are WordPress File Upload plugin for WordPress up to and including 4.24.11.
    CVE ID: CVE-2024-9047 (Critical)

  • Vulnerability in Pedalo Connector Plugin for WordPress (15 Oct 2024)

    An authentication bypass vulnerability has been discovered in Pedalo Connector plugin for WordPress. The affected versions are Pedalo Connector plugin for WordPress up to and including 2.0.5.
    CVE ID: CVE-2024-9822 (Critical)

  • Red Hat Security Updates (15 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Ai3 QbiBot (14 Oct 2024)

    A lack of proper access control vulnerability has been discovered in the password reset feature of Ai3 QbiBot.
    CVE ID: CVE-2024-3777 (Critical)

  • Moxa Security Updates (14 Oct 2024)

    Moxa has released security updates to address missing authentication and OS command injection vulnerabilities in Moxa's Cellular Routers, Secure Routers, and Network Security Appliances.
    CVE ID: CVE-2024-9137 (Critical), CVE-2024-9139 (High)

  • Red Hat Security Updates (14 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (11 Oct 2024)

    Google has released Dev channel 131.0.6768.4 for Windows, Mac and Linux.

  • Vulnerability in Mecha CMS (11 Oct 2024)

    A directory traversal vulnerability has been discovered in Mecha CMS. The affected version is Mecha CMS 3.0.0.
    CVE ID: CVE-2024-46446 (Critical)

  • Security Update for WordPress Plugin (11 Oct 2024)

    WordPress has released a security update to resolve a Remote Code Execution (RCE) vulnerability in the Hunk Companion plugin for WordPress. The affected versions are Hunk Companion plugin for WordPress up to and including 1.8.4.
    CVE ID: CVE-2024-9707 (Critical)

  • Red Hat Security Updates (11 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Microsoft Edge Security Updates (10 Oct 2024)

    Microsoft has released updated Microsoft Edge Stable Channel version 129.0.2792.89 and Microsoft Edge Extended Stable Channel 128.0.2739.113 to resolve vulnerabilities.

  • Multiple Vulnerabilities in Delta Electronics' Equipment (10 Oct 2024)

    Multiple vulnerabilities have been discovered in Delta Electronics' equipment, CNCSoft-G2, that can allow remote code execution. The affected version is CNCSoft-G2: 2.1.0.10.
    CVE ID: CVE-2024-47962 (High), CVE-2024-47963 (High), CVE-2024-47964 (High), CVE-2024-47965 (High), CVE-2024-47966 (High)

  • Google Released Security Updates for Chrome (10 Oct 2024)

    Google has released Chrome Dev 131 131.0.6764.4 for Android and Beta channel 130.0.6723.44 for Windows, Mac & Linux.

  • Vulnerability in Rockwell Automation's Equipment (10 Oct 2024)

    An improper input validation vulnerability has been discovered in several products & versions of Rockwell Automation's ControlLogix equipment that causes a Denial of Service (DoS) condition on the affected device. Mitigations are available.
    CVE ID: CVE-2024-6207 (High)

  • Vulnerability in Zimbra Collaboration (10 Oct 2024)

    A vulnerability has been discovered in postjournal service of Zimbra Collaboration that allows unauthenticated users to execute commands. The affected versions are Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9 and 10.1 before 10.1.1.
    CVE ID: CVE-2024-45519 (Critical)

  • VMware Security Updates (10 Oct 2024)

    VMware has released security updates to address multiple vulnerabilities in VMware Cloud Foundation and VMware NSX.
    CVE ID: CVE-2024-38818 (Medium), CVE-2024-38817 (Medium), CVE-2024-38815 (Medium)

  • Red Hat Security Updates (10 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • GitLab Security Updates (09 Oct 2024)

    GitLab has released updated versions 17.4.2, 17.3.5, and 17.2.9 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-9164 (Critical), CVE-2024-8970 (High), CVE-2024-8977 (High), CVE-2024-9631 (High), CVE-2024-6530 (High), CVE-2024-9623 (Medium), CVE-2024-5005 (Medium), CVE-2024-9596 (Low)

  • Mozilla Released Security Updates (09 Oct 2024)

    Mozilla has released security updates to address multiple vulnerabilities in Firefox 131.0.2, Firefox ESR 115.16.1, and Firefox ESR 128.3.1. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-9680 (Critical)

  • Google Released Security Updates for Chrome (09 Oct 2024)

    Google has released Chrome 130 130.0.6723.40 for Android, Chrome Stable 130 130.0.6723.37 for iOS, Beta channel OS version 16033.24.0, Browser version 130.0.6723.36 for most ChromeOS devices, Stable channel 130.0.6735.44 for Windows & Mac, Chrome Beta 130 130.0.6723.40 for Android and Chrome Beta 130 130.0.6723.38 for iOS.

  • Adobe Security Updates (08 Oct 2024)

    Adobe has released security updates to address multiple vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-45115 (Critical)

  • Microsoft Released October 2024 Security Updates (08 Oct 2024)

    Microsoft has released security updates to address critical, high, and medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-43468 (Critical), CVE-2024-38124 (Critical)

  • Vulnerability in DrayTek (08 Oct 2024)

    An arbitrary code execution vulnerability has been discovered in DrayTek Vigor310 devices. The affected versions are DrayTek Vigor310 devices through 4.3.2.6.
    CVE ID: CVE-2024-41593 (Critical)

  • Vulnerability in AutoGPT (08 Oct 2024)

    An OS command injection vulnerability has been discovered in AutoGPT. The affected versions are AutoGPT v0.5.0 up to but not including 5.1.0.
    CVE ID: CVE-2024-1881 (Critical)

  • Red Hat Security Updates (08 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Cloudlog (07 Oct 2024)

    A SQL injection vulnerability has been discovered in Cloudlog. The affected version is Cloudlog 2.6.15.
    CVE ID: CVE-2024-45999 (Critical)

  • Vulnerability in DataEase (07 Oct 2024)

    A Remote Command Execution (RCE) vulnerability has been discovered in DataEase. The affected versions are DataEase prior to 2.10.1.
    CVE ID: CVE-2024-46997 (Critical)

  • Vulnerability in Opti Marketing WordPress Plugin (07 Oct 2024)

    A SQL injection vulnerability has been discovered in an Opti Marketing WordPress plugin. The affected versions are Opti Marketing WordPress plugin through 2.0.9.
    CVE ID: CVE-2024-6928 (Critical)

  • Vulnerability in weForms (07 Oct 2024)

    A missing authorization vulnerability has been discovered in weForms. The affected versions are weForms: from n/a through 1.6.20.
    CVE ID: CVE-2024-30512 (Critical)

  • Red Hat Security Updates (07 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (04 Oct 2024)

    Google has released Dev channel 131.0.6752.0 (Platform version: 16052.0.0) for most ChromeOS devices and Dev channel 131.0.6753.0 for Windows, Mac & Linux.

  • Vulnerability in Switch Models by PLANET Technology (04 Oct 2024)

    An access control vulnerability has been discovered in certain switch models by PLANET Technology that allows downloading and uploading firmware and system configurations, ultimately gaining full control of the devices. The affected products are GS-4210-24PL4C hardware 2.0 and GS-4210-24P2S hardware 3.0. Security updates are available.
    CVE ID: CVE-2024-8456 (Critical)

  • Vulnerability in Oceanic Software ValeApp (04 Oct 2024)

    A session fixation vulnerability has been discovered in Oceanic Software ValeApp that allows brute force & session hijacking. The affected versions are ValeApp before v2.0.0.
    CVE ID: CVE-2024-8643 (Critical)

  • Vulnerability in Oceanic Software ValeApp (04 Oct 2024)

    A session fixation vulnerability has been discovered in Oceanic Software ValeApp that allows brute force & session hijacking. The affected versions are ValeApp before v2.0.0.
    CVE ID: CVE-2024-8607 (Critical)

  • Vulnerability in Tenda G3 Router (04 Oct 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Tenda G3 Router. The affected version is Tenda G3 Router firmware v15.03.05.05. 
    CVE ID: CVE-2024-46628 (Critical)

  • Vulnerability in Zoom Products (04 Oct 2024)

    A privilege escalation vulnerability has been discovered in Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom Meeting SDK for Windows.
    CVE ID: CVE-2024-24691 (Critical)

  • Vulnerability in Progress Telerik UI for WPF (03 Oct 2024)

    An insecure deserialization vulnerability has been discovered in Progress Telerik UI for WPF. The affected versions are Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924).
    CVE ID: CVE-2024-7576 (Critical)

  • Vulnerability in Zimbra Collaboration (03 Oct 2024)

    A vulnerability has been discovered in Zimbra Collaboration (ZCS). The affected products are Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1.
    CVE ID: CVE-2024-45519 (Critical)

  • Security Update for Subnet Solutions Inc.'s PowerSYSTEM Center (03 Oct 2024)

    Subnet Solutions Inc. has released a security update to resolve multiple vulnerabilities in PowerSYSTEM Center. Successful exploitation of these vulnerabilities could result in bypassing a proxy, creating a Denial of Service (DoS) condition, or viewing sensitive information. The affected products are PowerSYSTEM Center PSC 2020 v5.21.x and prior.
    CVE ID: CVE-2020-28168 (Medium), CVE-2021-3749 (High), CVE-2023-45857 (Medium)

  • Vulnerability in Delta Electronics Product DIAEnergie (03 Oct 2024)

    SQL injection vulnerabilities have been discovered in the Delta Electronics product DIAEnergie. Successful exploitation of these vulnerabilities could allow an attacker to retrieve records or cause a Denial of Service (DoS). The affected products are DIAEnergie versions v1.10.01.008 and prior. A security update is available.
    CVE ID: CVE-2024-43699 (Critical), CVE-2024-42417 (High)

  • Multiple Vulnerabilities in TEM Opera Plus FM Family Transmitter (03 Oct 2024)

    Multiple vulnerabilities have been discovered in TEM Opera Plus FM Family Transmitter. Successful exploitation of these vulnerabilities could allow Remote Code Execution (RCE). The affected product is Opera Plus FM Family Transmitter version 35.45.
    CVE ID: CVE-2024-41988 (Critical), CVE-2024-41987 (High)

  • Red Hat Security Updates (03 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Microsoft Edge Security Updates (03 Oct 2024)

    Microsoft has released updated Microsoft Edge Stable Channel version 129.0.2792.79 and Microsoft Edge Extended Stable Channel 128.0.2739.107 to resolve vulnerabilities.
    CVE ID: CVE-2024-9370, CVE-2024-9369, CVE-2024-7025

  • Drupal Security Update (02 Oct 2024)

    Drupal has released security updates to address an access bypass vulnerability in Persistent Login, a third-party library used in it.

  • Drupal Security Update (02 Oct 2024)

    Drupal has released security updates to address an access bypass vulnerability in Two-factor Authentication (TFA), a third-party library used in it.

  • Drupal Security Update (02 Oct 2024)

    Drupal has released security updates to address access bypass and information disclosure vulnerabilities in Diff, a third-party library used in it.

  • Multiple Vulnerabilities in Jenkins (02 Oct 2024)

    Multiple vulnerabilities have been discovered in several Jenkins Plugins. Successful exploitation of these vulnerabilities could allow taking control of an affected system. Security updates are available.
    CVE ID: CVE-2024-47803 (Medium), CVE-2024-47804 (Medium), CVE-2024-47805 (Medium), CVE-2024-47806 (High), CVE-2024-47807 (High)

  • Red Hat Security Updates (02 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in SCHNEIDER Elektronik's 700 series (02 Oct 2024)

    A missing authentication for critical function vulnerability has been discovered in SCHNEIDER Elektronik's 700 series. The affected versions are SCHNEIDER Elektronik's 700 series up to version 0.1.17.6. A security update is available.
    CVE ID: CVE-2024-35293

  • Mozilla Released Security Updates (01 Oct 2024)

    Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 131, Thunderbird 128.3, Firefox ESR 115.16, Firefox ESR 128.3 and Firefox 131. An attacker can exploit these vulnerabilities to take control of an affected system.

  • Red Hat Security Updates (01 Oct 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Multiple Vulnerabilities in Optigo Networks' Product ONS-S8 - Spectra Aggregation Switch (01 Oct 2024)

    Multiple vulnerabilities have been discovered in Optigo Networks' product ONS-S8 - Spectra Aggregation Switch. Successful exploitation of these vulnerabilities can allow Remote Code Execution (RCE), arbitrary file upload, or authentication bypass. The affected products are ONS-S8 - Spectra Aggregation Switch 1.3.7 and prior.
    CVE ID: CVE-2024-41925, CVE-2024-45367

  • Vulnerability in Mitsubishi Electric's MELSEC iQ-F FX5-OPC Equipment (01 Oct 2024)

    A Denial-of-Service (DoS) vulnerability has been discovered in Mitsubishi Electric's MELSEC iQ-F FX5-OPC equipment. The affected products are all versions of MELSEC iQ-F FX5-OPC.
    CVE ID: CVE-2024-8497 (High)

  • Vulnerability in Mitsubishi Electric's Equipment (01 Oct 2024)

    A Denial of Service (DoS) vulnerability has been discovered in Mitsubishi Electric's equipment, MELSEC iQ-F FX5-OPC. All versions of MELSEC iQ-F FX5-OPC are affected. Mitigations are available.
    CVE ID: CVE-2024-0727 (High)

  • Vulnerability in Riello Netman 204 (30 Sep 2024)

    A critical vulnerability has been discovered in the password recovery mechanism of Riello Netman 204 that allows an attacker to reset the admin password and take over control of the device. The affected versions are Netman 204: through 4.05.
    CVE ID: CVE-2024-8878 (Critical)

  • Vulnerability in Riello Netman 204 (30 Sep 2024)

    A SQL injection vulnerability has been discovered in Riello Netman 204. The affected versions are Netman 204: through 4.05.
    CVE ID: CVE-2024-8877 (Critical)

  • Vulnerability in MyOffice SDK (30 Sep 2024)

    A Server-Side Request Forgery (SSRF) vulnerability has been discovered in New Cloud MyOffice SDK Collaborative Editing Server. The affected versions are MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8.
    CVE ID: CVE-2024-47222 (Critical)

  • Vulnerability in Akana API Platform (30 Sep 2024)

    An XML External Entity (XXE) vulnerability has been discovered in Akana API Platform. The affected versions are Akana API Platform prior to 2024.1.0.
    CVE ID: CVE-2024-3930 (Critical)

  • Vulnerability in FlashArray Purity (27 Sep 2024)

    An improper authentication vulnerability has been discovered in FlashArray Purity.
    CVE ID: CVE-2024-0002 (Critical)

  • Google Released Security Updates for Chrome (26 Sep 2024)

    Google has released Dev channel 131.0.6738.0 for Windows, Mac and Linux, Dev channel OS version: 16033.11.0, Browser version: 130.0.6723.19, for most ChromeOS devices, Chrome Dev 131 (131.0.6738.0) for Android, and Chrome Beta 130 (130.0.6723.16) for iOS.

  • Vulnerability in Apex Softcell LD Geo (26 Sep 2024)

    A vulnerability caused by missing restrictions on excessive failed authentication attempts has been discovered in Apex Softcell LD Geo. A remote attacker could exploit this vulnerability by conducting a brute force attack on the login OTP, which could lead to unauthorized access to other user accounts.
    CVE ID: CVE-2024-47088 (Critical)

  • Vulnerability in Havelsan Inc. Dialogue (26 Sep 2024)

    An incorrect permission assignment for critical resource vulnerability has been discovered in Havelsan Inc. Dialogue that allows accessing functionality not properly constrained by ACLs. The affected versions are Dialogue: from v1.83 before v1.83.1 or v1.84.
    CVE ID: CVE-2024-3375 (Critical)

  • Red Hat Security Updates (26 Sep 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Eliz Software Panel (25 Sep 2024)

    A plaintext storage of a password vulnerability has been discovered in Eliz Software Panel. The affected versions are Eliz Software Panel before v2.3.24.
    CVE ID: CVE-2024-5960 (Critical)

  • Vulnerability in TuomoKu (25 Sep 2024)

    An arbitrary code execution vulnerability has been discovered in TuomoKu SPx-GC. The affected versions are TuomoKu SPx-GC v.1.3.0 and before.
    CVE ID: CVE-2024-44623 (Critical)

  • Vulnerability in Tiptel IP 286 (25 Sep 2024)

    A directory traversal vulnerability has been discovered in Tiptel IP 286. The affected version is Tiptel IP 286 with firmware version 2.61.13.10.
    CVE ID: CVE-2024-33109 (Critical)

  • Vulnerability in eladmin (25 Sep 2024)

    A Server Side Request Forgery (SSRF) vulnerability has been discovered in eladmin. The affected versions are eladmin v2.7 and before.
    CVE ID: CVE-2024-44677 (Critical) 

  • Citrix Released Security Updates (24 Sep 2024)

    Citrix has released security updates to address multiple vulnerabilities in XenServer and Citrix Hypervisor. The affected versions are XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR.
    CVE ID: CVE-2024-45817 (Medium), CVE-2022-24805 (Medium), CVE-2022-24809 (Medium)

  • Vulnerability in Franklin Fueling Systems' Equipment (24 Sep 2024)

    An absolute path traversal vulnerability has been discovered in Franklin Fueling Systems' equipment, TS-550 EVO Automatic Tank Gauge. The affected versions are Franklin Fueling Systems S-550 EVO versions prior to 2.26.4.8967. Mitigations are available.
    CVE ID: CVE-2024-8497 (High)

  • Vulnerability in Cellopoint (20 Sep 2024)

    A buffer overflow vulnerability has been discovered in Cellopoint Secure Email Gateway. The affected versions are Secure Email Gateway from version 4.2.1 to 4.5.0.
    CVE ID: CVE-2024-9043 (Critical)

  • Security Updates for WordPress Plugin (20 Sep 2024)

    WordPress has released security updates to resolve a privilege escalation vulnerability in the Webo-facto plugin for WordPress. The affected versions are Webo-facto plugin for WordPress up to and including 1.40.
    CVE ID: CVE-2024-8853 (Critical)

  • Vulnerability in Thinkphp (20 Sep 2024)

    A deserialization vulnerability has been discovered in Thinkphp that allows attackers to execute arbitrary code. The affected versions are Thinkphp v6.1.3 to v8.0.4.
    CVE ID: CVE-2024-44902 (Critical)

  • Red Hat Security Updates (20 Sep 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (19 Sep 2024)

    Google has released Chrome Dev 131 (131.0.6724.0) for Android, and Dev channel 131.0.6724.0 for Windows, Mac and Linux.

  • Vulnerability in Tenda (19 Sep 2024)

    A stack overflow vulnerability has been discovered in Tenda. The affected version is Tenda O6 V3.0 firmware V1.0.0.7(2054).
    CVE ID: CVE-2024-46049 (Critical)

  • Vulnerability in Tenda (19 Sep 2024)

    A command injection vulnerability has been discovered in Tenda. The affected version is Tenda FH451 v1.0.0.9.
    CVE ID: CVE-2024-46048 (Critical)

  • Vulnerability in NitroPack (19 Sep 2024)

    A code injection vulnerability has been discovered in NitroPack. The affected versions are NitroPack: from n/a through 1.16.7.
    CVE ID: CVE-2024-43922 (Critical)

  • Vulnerability in OpenPLC (18 Sep 2024)

    A stack-based buffer overflow vulnerability has been discovered in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC. The affected version is OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88.
    CVE ID: CVE-2024-34026 (Critical)

  • Red Hat Security Updates (18 Sep 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Mozilla Released Security Updates (17 Sep 2024)

    Mozilla has released a security update to address an address bar spoofing after server-side redirect vulnerability in Firefox for Android 130.0.1. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2024-8897 (High)

  • Vulnerability in TOTOLINK (17 Sep 2024)

    A buffer overflow vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220.
    CVE ID: CVE-2024-46419 (Critical)

  • Vulnerability in TELSAT marKoni (17 Sep 2024)

    An improper access control vulnerability has been discovered in TELSAT marKoni FM Transmitters.
    CVE ID: CVE-2024-39376 (Critical)

  • Multiple Vulnerabilities in Millbeck Communications' Equipment (17 Sep 2024)

    Multiple vulnerabilities have been discovered in Millbeck Communications' equipment, Proroute H685t-w. The affected version is Proroute H685t-w 3.2.334.
    CVE ID: CVE-2024-45682 (High), CVE-2024-38380 (Medium)

  • Vulnerability in Yokogawa's Equipment (17 Sep 2024)

    A Denial of Service (DoS) vulnerability has been discovered in Yokogawa's equipment, Dual-redundant Platform for Computer (PC2CKM). The affected versions are Dual-redundant Platform for Computer (PC2CKM) R1.01.00 to R2.03.00. A security update is available.
    CVE ID: CVE-2024-8110 (High)

  • Google Released Security Updates for Chrome (17 Sep 2024)

    Google has released Stable channel 128.0.6613.161 Platform version 15964.58.0 for most ChromeOS devices, Chrome 129 129.0.6668.54 for Android, Extended Stable channel 128.0.6613.162 for Windows & Mac, Chrome Beta 129 129.0.6668.54 for Android and Chrome 129 129.0.6668.58 for Linux & 129.0.6668.58/.59 Windows & Mac to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-8904 (High), CVE-2024-8905 (Medium), CVE-2024-8906 (Medium), CVE-2024-8907 (Medium), CVE-2024-8908 (Low), CVE-2024-8909 (Low)

  • VMware Security Updates (17 Sep 2024)

    VMware has released security updates to address heap-overflow and privilege escalation vulnerabilities in VMware vCenter Server and VMware Cloud Foundation. The affected versions are VMware vCenter Server 8.0 & 7.0 and VMware Cloud Foundation 5.x & 4.x.
    CVE ID: CVE-2024-38812 (Critical), CVE-2024-38813 (High)

  • Apple Security Updates (16 Sep 2024)

    Apple has released security updates to address multiple vulnerabilities in iOS 18 & iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11, visionOS 2, Safari 18, Xcode 16, iOS 17.7 & iPadOS 17.7, macOS Sonoma 14.7 and macOS Ventura 13.7. An attacker can exploit these vulnerabilities to take control of an affected device.

  • Vulnerability in D-Link (16 Sep 2024)

    A stack-based buffer overflow vulnerability has been discovered in D-Link wireless routers that allows execution of arbitrary code on the device.
    CVE ID: CVE-2024-45695 (Critical)

  • Vulnerability in SolarWinds Access Rights Manager (16 Sep 2024)

    An authentication bypass vulnerability has been discovered in SolarWinds Access Rights Manager. Successful exploitation of the vulnerability allows access to the RabbitMQ management console.
    CVE ID: CVE-2024-28990 (Critical)

  • Ivanti Released Security Update (16 Sep 2024)

    Ivanti has released a security update to address an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA). The affected versions are Ivanti CSA 4.6.
    CVE ID: CVE-2024-8190 (High)

  • Vulnerability in Dell PowerScale InsightIQ (16 Sep 2024)

    A use of a broken or risky cryptographic algorithm vulnerability has been discovered in Dell PowerScale InsightIQ. The affected versions are Dell PowerScale InsightIQ versions 5.0 through 5.1.
    CVE ID: CVE-2024-39583 (Critical)

  • Red Hat Security Updates (16 Sep 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability Summary (16 Sep 2024)

    Summary of vulnerabilities for the week of September 09, 2024.

  • Microsoft Released September 2024 Security Updates (13 Sep 2024)

    Microsoft has released security updates to address critical, high, and medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in SolarWinds Access Rights Manager (ARM) (12 Sep 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in SolarWinds Access Rights Manager (ARM). This vulnerability allows an authenticated user to abuse the service, resulting in remote code execution.
    CVE ID: CVE-2024-28991 (Critical)

  • Security Update for WordPress Plugin (12 Sep 2024)

    A SQL Injection vulnerability has been discovered in the LearnPress - WordPress LMS Plugin via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint. Update to version 4.2.7.1, or a newer patched version.
    CVE ID: CVE-2024-8529 (Critical)

  • Security Update for WordPress Plugin (12 Sep 2024)

    A SQL Injection vulnerability has been discovered in the LearnPress - WordPress LMS Plugin via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint. Update to version 4.2.7.1, or a newer patched version.
    CVE ID: CVE-2024-8522 (Critical)

  • Google Released Security Updates for Chrome (12 Sep 2024)

    Google has released Chrome Dev 130 (130.0.6710.0) for Android, and Dev channel 130.0.6710.0 for Windows, Mac and Linux.

  • Palo Alto Networks Released Security Updates (11 Sep 2024)

    Palo Alto Networks has released security updates to resolve multiple vulnerabilities in Prisma Access Browser, ActiveMQ Content Pack, Cortex XDR Agent, and PAN-OS.
    CVE ID: CVE-2024-8686 (High), CVE-2024-8687 (Medium), CVE-2024-8688 (Medium), CVE-2024-8689 (Medium), CVE-2024-8690 (Medium), CVE-2024-8691 (Medium)

  • Schneider Electric Security Updates (10 Sep 2024)

    Schneider Electric has released security updates to resolve multiple vulnerabilities in Vijeo Designer, EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-8401 (Medium), CVE-2024-8306 (High)

  • Security Updates for Ivanti (10 Sep 2024)

    Ivanti has released updates for Ivanti Endpoint Manager 2024 and 2022 SU6 which address multiple vulnerabilities. Successful exploitation could lead to unauthorized access to the EPM core server.
    CVE ID: CVE-2024-32840 (Critical), CVE-2024-32842 (Critical), CVE-2024-32843 (Critical), CVE-2024-32845 (Critical), CVE-2024-32846 (Critical), CVE-2024-32848 (Critical), CVE-2024-34779 (Critical), CVE-2024-34783 (Critical), CVE-2024-34785 (Critical), CVE-2024-29847 (Critical)

  • Security Updates for Azure Stack Hub (10 Sep 2024)

    Microsoft has released a security update for Azure Stack Hub.
    CVE ID: CVE-2024-38220 (Critical)

  • Vulnerability in WPCOM Member plugin for WordPress (06 Sep 2024)

    A privilege escalation vulnerability has been discovered in the WPCOM Member plugin for WordPress. All versions up to, and including, 1.5.2.1 are affected.
    CVE ID: CVE-2024-7493 (Critical)

  • Vulnerability in IBM Product (04 Sep 2024)

    A critical vulnerability has been discovered in IBM webMethods Integration 10.15. This vulnerability could allow an authenticated user to upload and execute arbitrary files.
    CVE ID: CVE-2024-45076 (Critical)

  • Vulnerability in OpenRapid RapidCMS (03 Sep 2024)

    A SQL injection vulnerability has been discovered in OpenRapid RapidCMS. The affected versions are OpenRapid RapidCMS up to 1.3.1.
    CVE ID: CVE-2024-8331 (Critical)

  • Vulnerability in vTiger CRM (03 Sep 2024)

    A reflected Cross Site Scripting (XSS) vulnerability has been discovered in vTiger CRM. The affected version is vTiger CRM 7.4.0.
    CVE ID: CVE-2024-44779 (Critical)

  • Vulnerability in Chartist (03 Sep 2024)

    A vulnerability has been discovered that allows Prototype Pollution via the extended function in Chartist. The affected versions are Chartist 1.x through 1.3.0.
    CVE ID: CVE-2024-45435 (Critical)

  • Vulnerability in Tenda (03 Sep 2024)

    An arbitrary command execution vulnerability has been discovered in Tenda. The affected version is Tenda FH1206 v02.03.01.35.
    CVE ID: CVE-2024-42978 (Critical)

  • Vulnerability in Django (03 Sep 2024)

    A SQL injection vulnerability has been discovered in Django. The affected versions are Django 5.0 before 5.0.8 and 4.2 before 4.2.15.
    CVE ID: CVE-2024-42005 (Critical)

  • Google Released Security Updates for Chrome (30 Aug 2024)

    Google has released Dev channel 130.0.6683.2 for Windows, Mac and Linux.

  • Security Update of Media Library Folders plugin for WordPress (29 Aug 2024)

    A SQL injection vulnerability has been discovered in the Media Library Folders plugin for WordPress in versions up to and including 8.2.2. A security update is available.
    CVE ID: CVE-2024-7857 (Critical)

  • Vulnerability in TOTOLINK (29 Aug 2024)

    A buffer overflow vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK AC1200 T8 4.1.5cu.862_B20230228.
    CVE ID: CVE-2024-8079 (Critical)

  • Vulnerability in Havoc (29 Aug 2024)

    An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability has been discovered in Havoc. The affected version is Havoc 2 0.7.
    CVE ID: CVE-2024-41570 (Critical)

  • RansomHub Ransomware (29 Aug 2024)

    RansomHub is a ransomware-as-a-service variant—formerly that has established itself as an efficient and successful service model. The affiliates leverage a double-extortion model by encrypting systems and exfiltrating data to extort victims.

  • Red Hat Security Updates (29 Aug 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Drupal Security Updates (28 Aug 2024)

    Drupal has released security updates to address an access bypass vulnerability in Advanced Varnish, a third-party library used in it. The affected versions are Advanced Varnish prior to 4.0.11.

  • Red Hat Security Updates (28 Aug 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.
    CVE ID: CVE-2024-6079 (Medium)

  • Vulnerability in Tenda (27 Aug 2024)

    A stack overflow vulnerability has been discovered in Tenda. The affected version is Tenda AX1806 v1.0.0.1.
    CVE ID: CVE-2024-44557 (Critical)

  • Vulnerability in FAST (27 Aug 2024)

    A stack overflow vulnerability has been discovered in FAST that allows execution of arbitrary code or can cause a Denial of Service (DoS) via a crafted file path. The affected version is FAST FW300R v1.3.13 Build 141023 Rel.61347n.
    CVE ID: CVE-2024-41285 (Critical)

  • Vulnerability in TOTOLINK (27 Aug 2024)

    A hard-coded credentials vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK T10 AC1200 4.1.8cu.5207.
    CVE ID: CVE-2024-8162 (Critical)

  • Google Released Security Updates for Chrome (27 Aug 2024)

    Google has released Beta channel 128.0.6613.97 Platform version 15964.37.0 for most ChromeOS devices, LTS channel, version 120.0.6099.320 Platform version 15662.117.0 for most ChromeOS devices and Chrome Stable 128 128.0.6613.98 for iOS.

  • SUSE Security Updates (27 Aug 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in Versa (26 Aug 2024)

    A dangerous file type upload vulnerability has been discovered in Versa Director. Security patches and mitigation are available.
    CVE ID: CVE-2024-39717 (High)

  • SonicWall Security Updates (23 Aug 2024)

    SonicWall has released security updates to address an improper access control vulnerability in SonicWall SonicOS management access. The affected versions are SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
    CVE ID: CVE-2024-40766 (Critical)

  • Security Update of Favicon Generator Plugin for WordPress (23 Aug 2024)

    A Cross Site Request Forgery (CSRF) vulnerability has been discovered in the Favicon Generator plugin for WordPress in versions up to and including 1.5. Security update is available.
    CVE ID: CVE-2024-7568 (Critical)

  • Vulnerability in D-Link (23 Aug 2024)

    A command execution vulnerability has been discovered in D-Link. The affected version is D-Link DI_8004W 16.07.26A1.
    CVE ID: CVE-2024-44382 (Critical)

  • Vulnerability in D-Link (23 Aug 2024)

    A command execution vulnerability has been discovered in D-Link. The affected version is D-Link DI_8004W 16.07.26A1.
    CVE ID: CVE-2024-44381 (Critical)

  • CVE - KB Correlation (23 Aug 2024)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during Aug 2024.

  • Vulnerability in Tenda (22 Aug 2024)

    A stack based buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda FH1206 02.03.01.35.
    CVE ID: CVE-2024-7707 (Critical)

  • Vulnerability in LibreChat (22 Aug 2024)

    A vulnerability has been discovered in LibreChat that does not validate the normalized pathnames of images. The affected versions are LibreChat through 0.7.4-rc1.
    CVE ID: CVE-2024-41704 (Critical)

  • Vulnerability in LibreChat (22 Aug 2024)

    An incorrect access control vulnerability has been discovered in LibreChat. The affected versions are LibreChat through 0.7.4-rc1.
    CVE ID: CVE-2024-41703 (Critical)

  • Vulnerability in Apache CXF (22 Aug 2024)

    A Server Side Request Forgery (SSRF) vulnerability has been discovered in the WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9.
    CVE ID: CVE-2024-29736 (Critical)

  • Vulnerability in N-central Server (22 Aug 2024)

    An authentication bypass vulnerability has been discovered in N-central server. The affected versions are N-central prior to 2024.2.
    CVE ID: CVE-2024-28200 (Critical)

  • Vulnerability in Atmail (22 Aug 2024)

    A SQL injection vulnerability has been discovered in Atmail. The affected version is Atmail v6.6.0. 
    CVE ID: CVE-2024-24133 (Critical)

  • Vulnerability in Rockwell Automation's Equipment (22 Aug 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Rockwell Automation's Equipment- Emulate3D. The affected version is Emulate3D 17.00.00.13276. The mitigations are available.
    CVE ID: CVE-2024-6079 (Medium)

  • Vulnerability in Rockwell Automation's Equipment (22 Aug 2024)

    A Denial of Service (DoS) vulnerability has been discovered in Rockwell Automation's Equipment- 5015 - AENFTXT. The affected version is Rockwell Automation 5015 - AENFTXT version 2.011. The mitigations are available.
    CVE ID: CVE-2024-6089 (Medium)

  • Vulnerability in MOBOTIX's Equipment (22 Aug 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in MOBOTIX's Equipment- P3 Cameras, Mx6 Cameras. The workarounds and mitigations are available.
    CVE ID: CVE-2023-34873 (High)

  • Multiple Vulnerabilities in Avtec's Equipment (22 Aug 2024)

    Multiple vulnerabilities have been discovered in Avtec's Equipment- Outpost 0810, Outpost Uploader Utility. The affected versions are Avtec Outpost 0810 versions prior to v5.0.0 and Outpost Uploader Utility versions prior to v5.0.0. The mitigations are available.
    CVE ID: CVE-2024-39776 (High), CVE-2024-42418 (High)

  • Google Released Security Updates for Chrome (22 Aug 2024)

    Google has released Beta channel 128.0.6613.75 Platform version 15964.32.0 for most ChromeOS devices, Chrome Beta channel 129.0.6668.12 for Windows, Mac & Linux, Chrome Beta 129 129.0.6668.11 for iOS, and Chrome Dev 130 130.0.6669.0 for Android.

  • Red Hat Security Updates (22 Aug 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.


  • SolarWinds Security Updates (21 Aug 2024)

    SolarWinds has released security updates to address hardcoded credentials and broken access control Remote Code Execution (RCE) vulnerabilities in SolarWinds Web Help Desk that allow an attacker to access internal functionality and modify data.
    CVE ID: CVE-2024-28987 (Critical), CVE-2024-28986 (Critical)

  • Security Update for WPML plugin for WordPress (21 Aug 2024)

    WordPress has released a security update to resolve the Remote Code Execution (RCE) vulnerability in the WPML plugin for WordPress. The affected versions are WPML plugin for WordPress versions up to, and including, 4.6.12.
    CVE ID: CVE-2024-6386 (Critical)

  • Vulnerability in Typecho (21 Aug 2024)

    A stored Cross Site Scripting (XSS) vulnerability has been discovered in Typecho. The affected version is Typecho v1.3.0.
    CVE ID: CVE-2024-35540 (Critical)

  • Vulnerability in newlib (21 Aug 2024)

    An arbitrary code execution vulnerability has been discovered in newlib. The affected version is newlib v.4.3.0.
    CVE ID: CVE-2024-30949 (Critical)

  • Google Released Security Updates for Chrome (21 Aug 2024)

    Google has released Chrome 128 128.0.6613.88 for Android, Chrome Stable 128 128.0.6613.92 for iOS, Dev channel OS version 16002.2.0, Browser version 129.0.6668.0 for most ChromeOS devices, Chrome Beta 129 129.0.6668.9 for Android and Chrome 128 stable channel 128.0.6613.84 for Linux & 128.0.6613.84/.85 for Windows & Mac to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-7964, CVE-2024-7965, CVE-2024-7966, CVE-2024-7967, CVE-2024-7968, CVE-2024-7969, CVE-2024-7971, CVE-2024-7972, CVE-2024-7973, CVE-2024-7974, CVE-2024-7975, CVE-2024-7976, CVE-2024-7977, CVE-2024-7978, CVE-2024-7979, CVE-2024-7980, CVE-2024-7981, CVE-2024-8033, CVE-2024-8034, CVE-2024-8035

  • Vulnerability in Woo Inquiry plugin for WordPress (20 Aug 2024)

    A SQL injection vulnerability has been discovered in the Woo Inquiry plugin for WordPress. The affected versions are Woo Inquiry plugin for WordPress versions up to, and including, 0.1.
    CVE ID: CVE-2024-7854 (Critical)

  • Vulnerability in wishnet Nepstech Wifi Router (20 Aug 2024)

    A vulnerability has been discovered in wishnet Nepstech Wifi Router that allows an attacker to obtain sensitive information via the cookie's parameters. The affected version is wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0.
    CVE ID: CVE-2024-42658 (Critical)

  • Vulnerability in Progress MOVEit Gateway (20 Aug 2024)

    An improper authentication vulnerability has been discovered in Progress MOVEit Gateway (SFTP modules) that allows authentication bypass. The affected version is MOVEit Gateway: 2024.0.0.
    CVE ID: CVE-2024-5805 (Critical)

  • Security Update for WordPress GiveWP - Donation Plugin and Fundraising Platform plugin (19 Aug 2024)

    WordPress has released a security update to resolve the PHP object injection vulnerability in GiveWP - Donation Plugin and Fundraising Platform plugin. The affected versions are GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress versions up to, and including, 3.14.1.
    CVE ID: CVE-2024-5932 (Critical)

  • Vulnerability in TOTOLINK (19 Aug 2024)

    A stack based buffer overflow vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK EX1200L 9.3.5u.6146_B20201023.
    CVE ID: CVE-2024-7909 (Critical)

  • Vulnerability in D-Link (19 Aug 2024)

    A command injection vulnerability has been discovered in D-Link. The affected version is D-Link DI-8100 16.07.
    CVE ID: CVE-2024-7833 (Critical)

  • Red Hat Security Updates (19 Aug 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (16 Aug 2024)

    Google has released Beta channel 128.0.6613.32 Platform version 15964.24.0 for most ChromeOS devices, LTC-126 version 126.0.6478.244 Platform Version 15886.75.0 for most ChromeOS devices and Dev channel 129.0.6658.0 for Windows, Mac and Linux. 

  • Vulnerability in Tenda (16 Aug 2024)

    An arbitrary command execution vulnerability has been discovered in Tenda. The affected version is Tenda FH1206 v02.03.01.35.
    CVE ID: CVE-2024-42978 (Critical)

  • Vulnerability in TOTOLINK (16 Aug 2024)

    An incorrect access control vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK LR350 V9.3.5u.6369_B20220309.
    CVE ID: CVE-2024-42967 (Critical)

  • Vulnerability in Task Manager App (16 Aug 2024)

    A SQL injection vulnerability has been discovered in Task Manager App. The affected version is Task Manager App v1.0.
    CVE ID: CVE-2024-25222 (Critical)

  • Red Hat Security Updates (14 Aug 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Microsoft Released August 2024 Security Updates (14 Aug 2024)

    Microsoft has released security updates to address critical, high, and medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-38063 (Critical), CVE-2024-38108 (Critical), CVE-2024-38109 (Critical), CVE-2024-38140 (Critical), CVE-2024-38159 (Critical), CVE-2024-38160 (Critical), CVE-2024-38199 (Critical)

  • Google Released Security Updates for Chrome (13 Aug 2024)

    Google has released Stable channel OS version 15917.65.0 Browser version 127.0.6533.114 for most ChromeOS devices and Stable channel 127.0.6533.119/.120 for Windows, Mac and 127.0.6533.119 for Linux.

  • Multiple Vulnerabilities in Ocean Data Systems' Equipment (13 Aug 2024)

    Multiple vulnerabilities have been discovered in Ocean Data Systems' equipment - Dream Report 2023. The affected versions are Dream Report 2023 version 23.0.17795.1010 and prior, and AVEVA Reports for Operations 2023 version 23.0.17795.1010. The mitigations are available.
    CVE ID: CVE-2024-6618 (High), CVE-2024-6619 (High)

  • Vulnerability in AVEVA's Equipment (13 Aug 2024)

    An allocation of resources without limits or throttling vulnerability has been discovered in AVEVA's Equipment- SuiteLink Server that allows servers to consume excessive system resources, preventing processing of SuiteLink messages on the targeted host.
    CVE ID: CVE-2024-7113 (High) 

  • Vulnerability in SolarWinds (13 Aug 2024)

    A Java deserialization Remote Code Execution (RCE) vulnerability has been discovered in SolarWinds Web Help Desk. 
    CVE ID: CVE-2024-28986 (Critical)

  • Vulnerability in TOTOLINK (13 Aug 2024)

    A buffer overflow vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK A3100R V4.1.2cu.5050_B20200504.
    CVE ID: CVE-2024-42547 (Critical)

  • Vulnerability in Edimax (13 Aug 2024)

    A command injection vulnerability has been discovered in Edimax. The affected versions are Edimax IC-6220DC and IC-5150W up to 3.06.
    CVE ID: CVE-2024-7616 (Critical)

  • Multiple Vulnerabilities in Ivanti Products (13 Aug 2024)

    Multiple vulnerabilities have been discovered in Ivanti Avalanche, Ivanti Neurons for ITSM, and Ivanti Virtual Traffic Manager. The mitigations are available.
    CVE ID: CVE-2024-7593 (Critical), CVE-2024-7569 (Critical), CVE-2024-7570 (High), CVE-2024-38652 (High), CVE-2024-38653 (High), CVE-2024-36136 (High), CVE-2024-37399 (High), CVE-2024-37373 (High)

  • Multiple Vulnerabilities in Siemens Products (13 Aug 2024)

    Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
    CVE ID: CVE-2024-41940 (Critical), CVE-2021-20093 (Critical), CVE-2023-3935 (Critical), CVE-2024-3596 (Critical)

  • Adobe Security Updates (13 Aug 2024)

    Adobe has released security updates to address multiple vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-39397 (Critical)

  • Red Hat Security Updates (13 Aug 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Schneider Electric Security Updates (13 Aug 2024)

    Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.

  • Vulnerability in WooCommerce - Social Login plugin for WordPress (12 Aug 2024)

    An authentication bypass vulnerability has been discovered in WooCommerce - Social Login plugin for WordPress. The affected versions are WooCommerce - Social Login plugin for WordPress versions up to, and including, 2.7.5.
    CVE ID: CVE-2024-7503 (Critical)

  • Vulnerability in Shopware (12 Aug 2024)

    A SQL injection vulnerability has been discovered in Shopware. The affected versions are Shopware prior to versions 6.6.5.1 and 6.5.8.13.
    CVE ID: CVE-2024-42357 (Critical)

  • Vulnerability in Koha ILS (12 Aug 2024)

    A Cross Site Scripting (XSS) vulnerability has been discovered in Koha ILS. The affected versions are Koha ILS 23.05 and before.
    CVE ID: CVE-2024-28740 (Critical)

  • Red Hat Security Updates (12 Aug 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Palo Alto Networks Released Security Updates (10 Aug 2024)

    Palo Alto Networks has released security updates to resolve a missing authentication vulnerability in the Palo Alto Networks Expedition that could lead to an Expedition admin account takeover for attackers with network access to the Expedition. The affected versions are Palo Alto Networks Expedition below 1.2.92.
    CVE ID: CVE-2024-3400 (Critical)

  • Vulnerability in TOTOLINK (09 Aug 2024)

    A hard-coded password vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK CP450 4.1.0cu.747_B20191224. 
    CVE ID: CVE-2024-7332 (Critical)

  • Google Released Security Updates for Chrome (09 Aug 2024)

    Google has released Dev channel 129.0.6643.2 for Windows, Mac and Linux.

  • Microsoft Edge Security Updates (08 Aug 2024)

    Microsoft has released updated Microsoft Edge Stable Channel (Version 127.0.2651.98) and Extended Stable Channel (Version 126.0.2592.137) to resolve vulnerabilities.
    CVE ID: CVE-2024-38219 (Medium), CVE-2024-38218 (High)

  • Vulnerability in Tenda (08 Aug 2024)

    A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda i22 1.0.0.3(4687).
    CVE ID: CVE-2024-7583 (Critical)

  • Google Released Security Updates for Chrome (08 Aug 2024)

    Google has released Chrome Dev 129 129.0.6642.0 for Android.

  • Juniper Networks Security Updates (08 Aug 2024)

    Juniper Networks has released security updates to address Denial of Service (DoS) vulnerability in Junos OS and Junos OS Evolved.
    CVE ID: CVE-2024-39558 (Medium)

  • Red Hat Security Updates (08 Aug 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Multiple Vulnerabilities in Cisco Products (07 Aug 2024)

    Multiple vulnerabilities have been discovered in Cisco Smart Software Manager On-Prem, and Cisco Small Business SPA300 Series and SPA500 Series IP Phones. A security update is available for Cisco Smart Software Manager On-Prem.
    CVE ID: CVE-2024-20450 (Critical), CVE-2024-20451 (High), CVE-2024-20452 (Critical), CVE-2024-20453 (High), CVE-2024-20454 (Critical), CVE-2024-20419 (Critical)

  • Multiple Vulnerabilities in Jenkins (07 Aug 2024)

    Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
    CVE ID: CVE-2024-43044 (Critical), CVE-2024-43045 (Medium)

  • GitLab Security Updates (07 Aug 2024)

    GitLab has released updated versions 17.2.2, 17.1.4, and 17.0.6 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-3035 (Medium), CVE-2024-6356 (Medium), CVE-2024-5423 (Medium), CVE-2024-4210 (Medium), CVE-2024-2800 (Medium), CVE-2024-6329 (Medium), CVE-2024-4207 (Medium), CVE-2024-3958 (Medium), CVE-2024-4784 (Medium), CVE-2024-3114 (Medium), CVE-2024-7586 (Medium)

  • Drupal Security Updates (07 Aug 2024)

    Drupal has released security updates to address an Arbitrary PHP code execution vulnerability in Opigno group manager, Opigno Learning path and Opigno module, the third-party libraries used in it. The affected versions are Opigno group manager below 3.1.1, Opigno module below 3.1.2, and Opigno Learning path below 3.1.2.

  • Vulnerability in D-Link (07 Aug 2024)

    A hardcoded credentials vulnerability has been discovered in D-Link DIR-300 REVA FIRMWARE. The affected version is D-Link DIR-300 REVA FIRMWARE v1.06B05_WW.
    CVE ID: CVE-2024-41616 (Critical)

  • Vulnerability in Zscaler Client Connector (07 Aug 2024)

    An improper input validation vulnerability has been discovered in Zscaler Client Connector on MacOS that allows OS Command Injection. The affected versions are Zscaler Client Connector on MacOS below 4.2.
    CVE ID: CVE-2024-23483 (Critical)

  • Vulnerability in PayPal (07 Aug 2024)

    A SQL injection vulnerability has been discovered in PayPal, Credit Card and Debit Card Payment. The affected versions are PayPal, Credit Card and Debit Card Payment version 1.0.
    CVE ID: CVE-2024-33974 (Critical)

  • Vulnerability in JetBrains TeamCity (07 Aug 2024)

    A vulnerability has been discovered in JetBrains TeamCity that can cause access tokens to work even after deletion or expiration. The affected versions are JetBrains TeamCity before 2024.07.
    CVE ID: CVE-2024-41827 (Critical)

  • Vulnerability in IBM (07 Aug 2024)

    An authentication bypass vulnerability has been discovered in the IBM MQ Operator. The affected versions are IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24.
    CVE ID: CVE-2024-39742 (Critical)

  • Mozilla Released Security Updates (06 Aug 2024)

    Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 115.14, Thunderbird 128.1, Firefox ESR 128.1, Firefox ESR 115.14, and Firefox 129. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-7518 (High), CVE-2024-7519 (High), CVE-2024-7520 (High), CVE-2024-7521 (High), CVE-2024-7522 (High), CVE-2024-7524 (High), CVE-2024-7525 (High), CVE-2024-7526 (High), CVE-2024-7527 (High), CVE-2024-7528 (High), CVE-2024-7529 (Medium), CVE-2024-7530 (Medium), CVE-2024-7531 (Low)

  • Vulnerability in Raisecom (06 Aug 2024)

    An OS command injection vulnerability has been discovered in Raisecom. The affected versions are Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90.
    CVE ID: CVE-2024-7470 (Critical)

  • Vulnerability in elunez eladmin (06 Aug 2024)

    A path traversal vulnerability has been discovered in elunez eladmin. The affected versions are elunez eladmin up to 2.7.
    CVE ID: CVE-2024-7458 (Critical)

  • Django Security Updates (06 Aug 2024)

    Django has released security updates to address multiple vulnerabilities in its product. The affected versions are Django main branch, Django 5.1, Django 5.0, and Django 4.2. 
    CVE ID: CVE-2024-41989 (Medium), CVE-2024-41990 (Medium), CVE-2024-41991 (Medium), CVE-2024-42005 (High)

  • Vulnerability in Delta Electronics' Equipment (06 Aug 2024)

    A stack based buffer overflow vulnerability has been discovered in Delta Electronics' Equipment- DIAScreen. The affected versions are DIAScreen prior to 1.4.2.
    CVE ID: CVE-2024-7502 (High)

  • Android Security Updates (05 Aug 2024)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-08-05 or later address all of these issues.
    CVE ID: CVE-2024-23350 (Critical), CVE-2024-34727 (High), CVE-2024-34731 (High), CVE-2024-34734 (High), CVE-2024-34735 (High), CVE-2024-34737 (High), CVE-2024-34738 (High), CVE-2024-34739 (High), CVE-2024-34740 (High), CVE-2024-34741 (High), CVE-2024-34742 (High), CVE-2024-34743 (High), CVE-2024-31333 (High)

  • Red Hat Security Updates (05 Aug 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Multiple Vulnerabilities in Siemens' Equipment (02 Aug 2024)

    Multiple vulnerabilities have been discovered in Siemens' Equipment- Omnivise T3000. The mitigations are available.
    CVE ID: CVE-2024-38876 (High), CVE-2024-38877 (High), CVE-2024-38878 (High), CVE-2024-38879 (High)

  • Vulnerability in Tenda (02 Aug 2024)

    A command injection vulnerability has been discovered in Tenda FH. The affected version is Tenda FH1201 v1.2.0.14.
    CVE ID: CVE-2024-41473 (Critical)

  • Vulnerability in ALCASAR (02 Aug 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in ALCASAR. The affected versions are ALCASAR before 3.6.1.
    CVE ID: CVE-2024-38295 (Critical)

  • Vulnerability in CubeCart (02 Aug 2024)

    A directory traversal vulnerability has been discovered in CubeCart. The affected version is CubeCart v.6.5.5.
    CVE ID: CVE-2024-34832 (Critical)

  • Multiple Vulnerabilities in Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters (01 Aug 2024)

    Multiple vulnerabilities have been discovered in Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters. The affected Vonets products and versions are VAR1200-H versions 3.3.23.6.9 & prior, VAR1200-L versions 3.3.23.6.9 & prior, VAR600-H versions 3.3.23.6.9 & prior, VAP11AC versions 3.3.23.6.9 & prior, VAP11G-500S versions 3.3.23.6.9 & prior, VBG1200 versions 3.3.23.6.9 & prior, VAP11S-5G versions 3.3.23.6.9 & prior, VAP11S versions 3.3.23.6.9 & prior, VAR11N-300 versions 3.3.23.6.9 & prior, VAP11G-300 versions 3.3.23.6.9 & prior, VAP11N-300 versions 3.3.23.6.9 & prior, VAP11G versions 3.3.23.6.9 & prior, VAP11G-500 versions 3.3.23.6.9 & prior, VBG1200 versions 3.3.23.6.9 & prior, VAP11AC versions 3.3.23.6.9 & prior and VGA-1000 versions 3.3.23.6.9 & prior.
    CVE ID: CVE-2024-41161 (High), CVE-2024-29082 (High), CVE-2024-41936 (High), CVE-2024-37023 (Critical), CVE-2024-39815 (High), CVE-2024-39791 (High), CVE-2024-42001 (High)

  • Google Released Security Updates for Chrome (01 Aug 2024)

    Google has released Dev channel 129.0.6628.3 for Windows, Mac & Linux, Chrome Beta 128 (128.0.6613.16) for iOS and Chrome Dev 129 (129.0.6628.0) for Android.

  • Vulnerability in Rockwell Automation's Equipment (01 Aug 2024)

    An unprotected alternate channel vulnerability has been discovered in Rockwell Automation's Equipment- ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules that allow executing CIP programming and configuration commands. The mitigations are available.
    CVE ID: CVE-2024-6242 (High)

  • Vulnerability in Johnson Controls Inc.'s Equipment (01 Aug 2024)

    An inadequate encryption strength vulnerability has been discovered in Johnson Controls Inc.'s Equipment- exacqVision Client & exacqVision Server key that allows an attacker to decrypt communications between exacqVision Server and exacqVision Client, due to insufficient key length and exchange. All versions of exacqVision Client and exacqVision Server are affected. The mitigations are available.
    CVE ID: CVE-2024-32758 (High)

  • Vulnerability in Johnson Controls Inc.'s Equipment (01 Aug 2024)

    A permissive cross-domain policy with untrusted domain vulnerability has been discovered in Johnson Controls Inc.'s Equipment- exacqVision Web Service that allows an attacker to send an unauthorised request or access data from an untrusted domain. The affected version is exacqVision Web Service 22.12.1.0. The mitigations are available.
    CVE ID: CVE-2024-32862 (Medium)

  • Vulnerability in AVTECH SECURITY Corporation's Equipment (01 Aug 2024)

    A command injection vulnerability has been discovered in AVTECH SECURITY Corporation's Equipment- IP camera. The affected versions are AVM1203 firmware version FullImg-1023-1007-1011-1009 and prior.
    CVE ID: CVE-2024-7029 (High)

  • Vulnerability in Microsoft Dynamics 365 (31 Jul 2024)

    An elevation of privilege vulnerability has been discovered in Dynamics 365 Field Service (on-premises) v7 series.
    CVE ID: CVE-2024-38182 (Critical)

  • Drupal Security Updates (31 Jul 2024)

    Drupal has released security updates to address the Cross Site Scripting (XSS) vulnerability in View Password, a third-party library used in it. The affected versions are View Password prior to 6.0.4.

  • DigiCert Certificate Revocations (30 Jul 2024)

    DigiCert has revoked a subset of Transport Layer Security (TLS) certificates due to a non-compliance issue with Domain Control Verification (DCV). Revocation of these certificates may cause temporary disruptions to websites, services, and applications relying on these certificates for secure communication. DigiCert customers should check their DigiCert account to view any non-compliant certificates and reissue/rekey them.

  • Red Hat Security Updates (25 Jul 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (24 Jul 2024)

    Google has released Chrome Beta 128 (128.0.6613.6) for Android, and Dev channel has been updated to 128.0.6613.7 for Windows, Mac and Linux.

  • Vulnerability in National Instruments' Equipment (23 Jul 2024)

    A stack-based buffer overflow vulnerability has been discovered in National Instruments' Equipment- IO Trace that may allow a local attacker to execute arbitrary code. All versions of IO Trace are affected.
    CVE ID: CVE-2024-5602 (High)

  • Multiple Vulnerabilities in Hitachi Energy's Equipment (23 Jul 2024)

    Multiple vulnerabilities have been discovered in Hitachi Energy's Equipment- AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677 that allow an attacker to create a denial-of-service condition. The mitigations are available.
    CVE ID: CVE-2023-0286 (High), CVE-2023-0215 (High), CVE-2022-4450 (High), CVE-2022-4304 (Medium)

  • ISC Released Security Updates for BIND 9 (23 Jul 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2024-4076 (High)

  • ISC Released Security Updates for BIND 9 (23 Jul 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2024-1975 (High)

  • ISC Released Security Updates for BIND 9 (23 Jul 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2024-1737 (High)

  • ISC Released Security Updates for BIND 9 (23 Jul 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2024-0760 (High)

  • Vulnerability in GroupMe (23 Jul 2024)

    An improper access control vulnerability has been discovered in GroupMe that allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
    CVE ID: CVE-2024-38164 (Critical)

  • Red Hat Security Updates (22 Jul 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in WooCommerce - Social Login plugin for WordPress (22 Jul 2024)

    An unauthorized modification of data vulnerability has been discovered in WooCommerce - Social Login plugin for WordPress. The affected versions are WooCommerce - Social Login plugin for WordPress all versions up to, and including, 2.7.3.
    CVE ID: CVE-2024-6636 (Critical)

  • Vulnerability in WooCommerce - Social Login plugin for WordPress (20 Jul 2024)

    An unauthorized modification of data vulnerability has been discovered in WooCommerce - Social Login plugin for WordPress. The affected versions are WooCommerce - Social Login plugin for WordPress all versions up to, and including, 2.7.3.
    CVE ID: CVE-2024-6636 (Critical)

  • Vulnerability in PayPlus Payment Gateway WordPress Plugin (20 Jul 2024)

    A SQL injection vulnerability has been discovered in PayPlus Payment Gateway WordPress plugin. The affected versions are PayPlus Payment Gateway WordPress plugin before 6.6.9.
    CVE ID: CVE-2024-6205 (Critical)

  • Vulnerability in PruvaSoft Informatics Apinizer Management Console (19 Jul 2024)

    An Authorization Bypass Through User-Controlled Key vulnerability has been discovered in PruvaSoft Informatics Apinizer Management Console. The affected versions are Apinizer Management Console: before 2024.05.1.
    CVE ID: CVE-2024-5619 (Critical)

  • Vulnerability in Tenda (19 Jul 2024)

    A hardcoded password vulnerability has been discovered in Tenda. The affected version is Tenda i29V1.0 V1.0.0.5.
    CVE ID: CVE-2024-35338 (Critical)

  • Vulnerability in Tenda (19 Jul 2024)

    A stack-based buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC18 V15.03.3.10_EN.
    CVE ID: CVE-2024-33182 (Critical)

  • Vulnerability in Craft CMS (19 Jul 2024)

    A SQL injection vulnerability has been discovered in Craft CMS. The affected versions are Craft CMS up to v3.7.31.
    CVE ID: CVE-2024-37843 (Critical)

  • Google Released Security Updates for Chrome (18 Jul 2024)

    Google has released Dev channel 128.0.6601.2 for Windows, Mac and Linux, Chrome Dev 128 (128.0.6601.2) for Android, and Chrome Beta 127 (127.0.6533.58) for iOS.

  • Red Hat Security Updates (16 Jul 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Cellopoint Secure Email Gateway (15 Jul 2024)

    A buffer overflow vulnerability has been discovered in the SMTP Listener of Cellopoint Secure Email Gateway. The affected version is Secure Email Gateway before version 4.5.0. The mitigations are available.
    CVE ID: CVE-2024-6744 (Critical)

  • Vulnerability in AguardNet's Space Management System (15 Jul 2024)

    It has been discovered that AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
    CVE ID: CVE-2024-6743 (Critical)

  • Juniper Networks Security Updates (15 Jul 2024)

    Juniper Networks has released security updates to address multiple vulnerabilities in Junos OS and Junos OS Evolved.
    CVE ID: CVE-2024-39565 (High), CVE-2024-39548 (Medium), CVE-2024-39545 (Medium)

  • Vulnerability in my-springsecurity-plus (12 Jul 2024)

    A SQL injection vulnerability has been discovered in my-springsecurity-plus. The affected versions are my-springsecurity-plus before v2024.07.03.
    CVE ID: CVE-2024-40542 (Critical)

  • Vulnerability in JSON API User plugin for WordPress (12 Jul 2024)

    A privilege escalation vulnerability has been discovered in the JSON API User plugin for WordPress. All versions up to and including 3.9.3 are affected.
    CVE ID: CVE-2024-6624 (Critical)

  • Red Hat Security Updates (12 Jul 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • CISA Red Team’s Operations Highlights the Necessity of Defense-in-Depth (11 Jul 2024)

    In coordination with the assessed organization, CISA is releasing this Cybersecurity Advisory (CSA) detailing the red team’s activity and tactics, techniques, and procedures (TTPs); associated network defense activity; and lessons learned to provide network defenders with recommendations for improving their organization’s detection capabilities and cyber posture. The red team’s findings underscored the importance of defense-in-depth and using diversified layers of protection. 

  • Rockwell Automation Released Security Update (11 Jul 2024)

    Rockwell Automation has released a security update to address an Improper Privilege Management vulnerability in its equipment- FactoryTalk System Services and Policy Manager. The affected versions are FactoryTalk System Services: v6.40, and FactoryTalk Policy Manager: v6.40.
    CVE ID: CVE-2024-6325 (Medium), CVE-2024-6236 (Medium)

  • Vulnerability in HMS Industrial Networks' Equipment (11 Jul 2024)

    A Cross-site Scripting vulnerability has been discovered in HMS Industrial Networks' Equipment- Anybus-CompactCom 30. All versions of Anybus-CompactCom 30 are affected. The mitigations are available.
    CVE ID: CVE-2024-6558 (Medium)

  • Rockwell Automation Released Security Update (11 Jul 2024)

    Rockwell Automation has released a security update to address an improper input validation vulnerability in its equipment- ThinManager ThinServer that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The affected versions are ThinManager ThinServer versions 11.1.0, 11.2.0, 12.0.0, 12.1.0, 13.0.0, 13.1.0, 13.2.0.
    CVE ID: CVE-2024-5988 (Critical), CVE-2024-5989 (Critical), CVE-2024-5990 (High)

  • SUSE Security Updates (11 Jul 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (11 Jul 2024)

    Google has released Dev channel 128.0.6585.0 for Windows, Mac and Linux.

  • CVE - KB Correlation (11 Jul 2024)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during July 2024.

  • Palo Alto Networks Released Security Updates (10 Jul 2024)

    Palo Alto Networks has released security updates to resolve multiple vulnerabilities in the Palo Alto Networks Expedition, Panorama Web Interface, Cortex XDR Agent, PAN-OS.
    CVE ID: CVE-2024-5910 (Critical), CVE-2024-5911 (High), CVE-2024-5912 (Medium), CVE-2024-5913 (Medium), CVE-2024-3596 (Medium)

  • Moxa Security Updates (10 Jul 2024)

    Moxa has released security updates to address a Linux kernel memory double free vulnerability in multiple Moxa products. The affected versions are NPort 5100A Series prior to version 1.6.
    CVE ID: CVE-2024-1086 (High)

  • CISA and FBI Released Secure by Design Alert (10 Jul 2024)

    CISA and FBI have released Secure by Design Alert in response to recent well-publicized threat actor campaigns that exploited OS command injection defects in network edge devices to target and compromise users. These vulnerabilities allowed unauthenticated malicious actors to remotely execute code on network edge devices.
    CVE ID: CVE-2024-20399, CVE-2024-3400, CVE-2024-21887

  • Cisco Security Updates for Cisco IOS XR Software (10 Jul 2024)

    Cisco has released security updates to address a vulnerability in Cisco IOS XR software that allows an attacker to bypass the Cisco Secure Boot functionality and load unverified software onto an affected device.
    CVE ID: CVE-2024-20456 (High)

  • Google Released Security Updates for Chrome (10 Jul 2024)

    Google has released Beta channel 127.0.6533.43 for Windows, Mac & Linux, Beta channel OS version 15917.31.0, Browser version 127.0.6533.39 for most ChromeOS devices, Chrome Beta 127 127.0.6533.40 for iOS, and Chrome Beta 127 127.0.6533.41 for Android.

  • Vulnerability in EGroupware (10 Jul 2024)

    A SQL injection vulnerability has been discovered in EGroupware. The affected versions are EGroupware before 23.1.20240624.
    CVE ID: CVE-2024-40614 (Critical)

  • Vulnerability in CodeProjects Health Care hospital Management System (10 Jul 2024)

    A SQL injection vulnerability has been discovered in CodeProjects Health Care Hospital Management System. The affected version is CodeProjects Health Care hospital Management System v1.0.
    CVE ID: CVE-2024-38348 (Critical)

  • Vulnerability in Rejetto HTTP File Server (10 Jul 2024)

    A template injection vulnerability has been discovered in Rejetto HTTP File Server. The affected versions are Rejetto HTTP File Server up to and including version 2.3m.
    CVE ID: CVE-2024-23692 (Critical)

  • GitLab Security Updates (10 Jul 2024)

    GitLab has released updated versions 17.1.2, 17.0.4, and 16.11.6 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-6385 (Critical), CVE-2024-5257 (Medium), CVE-2024-5470 (Low), CVE-2024-6595 (Low), CVE-2024-2880 (Low), CVE-2024-5528 (Low)

  • Red Hat Security Updates (10 Jul 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Fortinet Released Security Updates for Multiple Products (09 Jul 2024)

    Fortinet has released security updates to address vulnerabilities in FortiExtender, FortiOS & FortiProxy. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-26006 (Medium), CVE-2024-26015 (Low), CVE-2024-23663 (High)

  • Multiple Vulnerabilities in Citrix NetScaler Products (09 Jul 2024)

    Multiple vulnerabilities have been discovered in Citrix NetScaler Console, NetScaler SVM, and NetScaler Agent. The mitigations are available.
    CVE ID: CVE-2024-6235 (Critical), CVE-2024-6236 (High)

  • Microsoft Released July 2024 Security Updates (09 Jul 2024)

    Microsoft has released security updates to address critical, high, and medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-38076 (Critical), CVE-2024-38077 (Critical), CVE-2024-38074 (Critical), CVE-2024-38089 (Critical) 

  • Multiple Vulnerabilities in Siemens Products (09 Jul 2024)

    Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve vulnerabilities.
    CVE ID: CVE-2024-23113 (Critical), CVE-2024-21762 (Critical), CVE-2024-3400 (Critical), CVE-2024-3596 (Critical), CVE-2024-39872 (Critical)

  • Adobe Security Updates (09 Jul 2024)

    Adobe has released security updates to address multiple high and medium vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-34123 (High), CVE-2024-20781 (High), CVE-2024-20782 (High), CVE-2024-20783 (High), CVE-2024-20785 (High), CVE-2024-34139 (High), CVE-2024-34140 (Medium)

  • Multiple Vulnerabilities in Citrix Products (09 Jul 2024)

    Multiple vulnerabilities have been discovered in Citrix products. Citrix has released security updates to address these vulnerabilities for some products.
    CVE ID: CVE-2024-6148 (Medium), CVE-2024-6149 (Medium), CVE-2024-6150 (Medium), CVE-2024-6151 (High), CVE-2024-6286 (High), CVE-2024-5491 (High), CVE-2024-5492 (Medium)

  • Multiple Vulnerabilities have been discovered in Delta Electronics' Equipment (09 Jul 2024)

    Multiple vulnerabilities have been discovered in Delta Electronics' Equipment- CNCSoft-G2 that can cause a buffer overflow condition and allow remote code execution. The affected version is CNCSoft-G2: Version 2.0.0.5. The mitigations are available.
    CVE ID: CVE-2024-39880 (High), CVE-2024-39881 (High), CVE-2024-39882 (High), CVE-2024-39883 (High)

  • Mozilla Released Security Updates (09 Jul 2024)

    Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR 115.13, and Firefox 128. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-6600 (Medium), CVE-2024-6601 (Medium), CVE-2024-6602 (Medium), CVE-2024-6603 (Medium), CVE-2024-6604 (High), CVE-2024-6605 (High), CVE-2024-6606 (High), CVE-2024-6607 (Medium), CVE-2024-6608 (Medium), CVE-2024-6609 (Medium), CVE-2024-6610 (Medium), CVE-2024-6611 (Low), CVE-2024-6612 (Low), CVE-2024-6613 (Low), CVE-2024-6614 (Low), CVE-2024-6615 (High)

  • SUSE Security Updates (09 Jul 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Joomla Security Updates (09 Jul 2024)

    Joomla has released security updates to resolve multiple vulnerabilities in Joomla CMS.
    CVE ID: CVE-2024-26279 (Medium), CVE-2024-26278 (Medium), CVE-2024-21731 (Medium), CVE-2024-21730 (Low), CVE-2024-21729 (Medium)

  • Vulnerability in Product Table of WBW plugin for WordPress (09 Jul 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in the Product Table of the WBW plugin for WordPress. The affected versions are all versions of the Product Table of the WBW plugin for WordPress up to, and including, 2.0.1.
    CVE ID: CVE-2024-6365 (Critical)

  • Vulnerability in 14Finger (08 Jul 2024)

    An arbitrary user deletion vulnerability has been discovered in 14Finger. The affected version is 14Finger v1.1.
    CVE ID: CVE-2024-37768 (Critical)

  • Vulnerability in Volmarg Personal Management System (08 Jul 2024)

    A Server Side Request Forgery (SSRF) vulnerability has been discovered in Volmarg Personal Management System. The affected version is Volmarg Personal Management System 1.4.64.
    CVE ID: CVE-2024-29319 (Critical)

  • Vulnerability in goanother Another Redis Desktop Manager (08 Jul 2024)

    A Cross Site Scripting (XSS) vulnerability has been discovered in goanother Another Redis Desktop Manager. The affected versions are goanother Another Redis Desktop Manager 1.6.1 and below.
    CVE ID: CVE-2024-23998 (Critical)

  • Vulnerability in Lukas Bach yana (08 Jul 2024)

    A Cross Site Scripting (XSS) vulnerability has been discovered in Lukas Bach yana. The affected versions are Lukas Bach yana 1.0.16 and below.
    CVE ID: CVE-2024-23997 (Critical)

  • Vulnerability in SeaCMS (08 Jul 2024)

    An arbitrary code execution vulnerability has been discovered in SeaCMS. The affected versions are SeaCMS 12.9 and below.
    CVE ID: CVE-2024-39028 (Critical)

  • Multiple Vulnerabilities in ABB's ASPECT system (08 Jul 2024)

    Unauthorized file access and Remote Code Execution (RCE) vulnerabilities have been discovered in ABB's ASPECT system. The affected versions are ASPECT®- Enterprise 3.08.01 and earlier, NEXUS Series 3.08.01 and earlier and MATRIX Series 3.08.01 and earlier. The mitigations are available.
    CVE ID: CVE-2024-6209 (Critical), CVE-2024-6298 (Critical)

  • Vulnerability in OpenSSH (06 Jul 2024)

    A security regression vulnerability has been discovered in OpenSSH's server (sshd) that leads to a race condition in which sshd handles some signals in an unsafe manner.
    CVE ID: CVE-2024-6387 (High)

  • Vulnerability in Issabel PBX (05 Jul 2024)

    An Operating System (OS) command injection vulnerability has been discovered in Issabel PBX. The affected version is Issabel PBX 4.0.0.
    CVE ID: CVE-2024-0986 (Critical)

  • VMware Security Update (04 Jul 2024)

    VMware has released a security update to address an HTML injection vulnerability in VMware Cloud Director Availability. The affected version is VMware Cloud Director Availability 4.x.
    CVE ID: CVE-2024-22277 (Medium)

  • Vulnerability in Mitsubishi Electric (04 Jul 2024)

    A malicious code execution vulnerability due to incorrect default permissions has been discovered in Mitsubishi Electric's equipment- MELIPC Series MI5122-VW. The affected versions are MELIPC Series MI5122-VW Firmware versions "05" to "07". Security updates are available.
    CVE ID: CVE-2024-3904 (High)

  • Vulnerability in OpenHarmony (03 Jul 2024)

    An out of bounds write vulnerability has been discovered in OpenHarmony. The affected versions are OpenHarmony v4.0.0 and prior.
    CVE ID: CVE-2024-37185 (Critical)

  • Vulnerability in MongoDB (03 Jul 2024)

    A code injection vulnerability has been discovered in MongoDB Compass. The affected versions are MongoDB Compass versions prior to version 1.42.2.
    CVE ID: CVE-2024-6376 (Critical)

  • Google Released Security Updates for Chrome (02 Jul 2024)

    Google has released Chrome Dev 128 128.0.6557.4 for Android.

  • Vulnerability in Langflow (02 Jul 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Langflow. The affected versions are Langflow through 0.6.19.
    CVE ID: CVE-2024-37014 (Critical)

  • Vulnerability in mySCADA's Equipment (02 Jul 2024)

    A use of hard-coded password vulnerability has been discovered in mySCADA's Equipment- myPRO that can cause Remote Code Execution (RCE) on the affected device. The affected versions are myPRO prior to 8.31.0. The mitigation is available.
    CVE ID: CVE-2024-4708 (Critical)

  • Johnson Controls Security Updates for Kantech KT Door Controllers (02 Jul 2024)

    Johnson Controls has released security updates to resolve a vulnerability in Kantech KT Door Controllers. The affected versions are Kantech KT1 Door Controller, Rev01 version 2.09.10 and prior, Kantech KT2 Door Controller, Rev01 version 2.09.10 and prior, and Kantech KT400 Door Controller, Rev01 version 3.01.16 and prior.
    CVE ID: CVE-2024-32754 (Low)

  • Multiple Vulnerabilities in ICONICS, Mitsubishi Electric's Equipment (02 Jul 2024)

    Multiple vulnerabilities have been discovered in ICONICS, Mitsubishi Electric's Equipment- ICONICS Product Suite, which can result in Denial of Service (DoS), improper privilege management, or potentially Remote Code Execution (RCE). The mitigations are available.
    CVE ID: CVE-2023-2650 (Low), CVE-2023-4807 (Medium), CVE-2024-1182 (High), CVE-2024-1573 (Medium), CVE-2024-1574 (Medium)

  • Android Security Updates (01 Jul 2024)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-07-05 or later address all of these issues.
    CVE ID: CVE-2024-31320 (Critical), CVE-2024-31331 (High), CVE-2024-34720 (High), CVE-2024-34723 (High), CVE-2024-31332 (High), CVE-2024-31339 (High), CVE-2024-34722 (High), CVE-2024-34721 (High), CVE-2024-26923 (High), CVE-2024-0153 (High), CVE-2024-4610 (High), CVE-2024-31334 (High), CVE-2024-31335 (High), CVE-2024-34724 (High), CVE-2024-34725 (High), CVE-2024-34726 (High), CVE-2024-20076 (High), CVE-2024-20077 (High), CVE-2024-23368 (High), CVE-2024-23372 (High), CVE-2024-23373 (High), CVE-2024-23380 (High), CVE-2024-21461 (High), CVE-2024-21460 (High), CVE-2024-21462 (High), CVE-2024-21465 (High), CVE-2024-21469 (High)

  • Red Hat Security Updates (01 Jul 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Juniper Networks Security Updates (01 Jul 2024)

    Juniper Networks has released security updates to address a Denial of Service (DoS) vulnerability in Junos OS. The affected versions are Junos OS starting with 21.4R1 on SRX Series platforms.
    CVE ID: CVE-2024-21586 (High)

  • Red Hat Security Updates (26 Jun 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in PTC's Equipment (25 Jun 2024)

    A missing authorization vulnerability has been discovered in PTC's Equipment- Creo Elements/Direct License Server that allows an attacker to execute arbitrary OS commands. The affected versions are Creo Elements/Direct License Server: version 20.7.0.0 and prior.
    CVE ID: CVE-2024-6071 (Critical)

  • Progress Security Updates for MOVEit Transfer (25 Jun 2024)

    Progress has released security updates to resolve an authentication bypass vulnerability for MOVEit Transfer (SFTP module). The affected versions are MOVEit Transfer from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
    CVE ID: CVE-2024-5806 (Critical)

  • Vulnerability in ABB's Equipment (25 Jun 2024)

    An improper input validation vulnerability has been discovered in ABB's Equipment- 800xA Base that can cause services to crash and restart. The affected versions are ABB 800xA Base: versions 6.1.1-2 and prior.
    CVE ID: CVE-2024-3036 (Medium)

  • Google Released Security Updates for Chrome (25 Jun 2024)

    Google has released Chrome Stable 126 126.0.6478.108 for iOS, Stable channel 126.0.6478.132 Platform version: 15886.44.0 for most ChromeOS devices, and Dev channel 128.0.6555.2 for Windows, Mac & Linux.

  • Apple Security Updates (25 Jun 2024)

    Apple has released security updates to resolve an authentication vulnerability in AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2024-27867

  • SUSE Security Updates (25 Jun 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (24 Jun 2024)

    Google has released Chrome 126 126.0.6478.122 for Android, and Stable channel 126.0.6478.126/127 for Windows, Mac & 126.0.6478.126 for Linux.
    CVE ID: CVE-2024-6290 (High), CVE-2024-6291 (High), CVE-2024-6292 (High), CVE-2024-6293 (High)

  • Vulnerability in Pear Admin Boot (24 Jun 2024)

    A SQL injection vulnerability has been discovered in Pear Admin Boot. The affected versions are Pear Admin Boot up to 2.0.2. 
    CVE ID: CVE-2024-6241 (Critical)

  • Vulnerability in Parallels Desktop Software (24 Jun 2024)

    An improper privilege management vulnerability has been discovered in Parallels Desktop Software. The affected versions are Parallels Desktop Software versions earlier than 19.3.0. 
    CVE ID: CVE-2024-6240 (Critical)

  • Vulnerability in PHP (21 Jun 2024)

    A vulnerability has been discovered in PHP that can allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. The affected versions are PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8.
    CVE ID: CVE-2024-4577 (Critical)

  • Red Hat Security Updates (20 Jun 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • CISA Released Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses (20 Jun 2024)

    CISA released Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities. The report summarizes views of vendors and customers and provides a set of recommendations for encouraging SSO adoption.

  • Google Released Security Updates for Chrome (20 Jun 2024)

    Google has released Beta channel 127.0.6533.17 for Windows, Mac and Linux, Chrome Beta 127 (127.0.6533.16) for iOS, and Chrome Beta 127 (127.0.6533.15) for Android.

  • Vulnerability in Yokogawa's Equipment (20 Jun 2024)

    An Uncontrolled Search Path Element vulnerability has been discovered in Yokogawa's Equipment- CENTUM that allows an attacker to execute arbitrary programs. The mitigations are available.
    CVE ID: CVE-2024-5650 (High) 

  • Multiple Vulnerabilities in Westermo's Equipment (20 Jun 2024)

    Multiple vulnerabilities have been discovered in Westermo's Equipment- L210-F2G Lynx that can crash the device being accessed or can allow remote code execution. The affected version is Westermo L210-F2G Lynx: 4.21.0. The mitigations are available.
    CVE ID: CVE-2024-37183 (Medium), CVE-2024-35246 (High), CVE-2024-32943 (High) 

  • Microsoft Edge Security Updates (20 Jun 2024)

    Microsoft has released Microsoft Edge Stable Channel (Version 126.0.2592.68) to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-38082 (Medium), CVE-2024-38093 (Medium)

  • SUSE Security Updates (20 Jun 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in Shariff Wrapper plugin for WordPress (20 Jun 2024)

    A Local File Inclusion vulnerability has been discovered in the Shariff Wrapper plugin for WordPress.
    CVE ID: CVE-2024-4098 (Critical)

  • Vulnerability in CAREL's Equipment (20 Jun 2024)

    A Path Traversal vulnerability has been discovered in CAREL's Equipment- Boss-Mini that allows an attacker to manipulate an argument path, which can lead to information disclosure. The affected version is CAREL Boss-Mini: version 1.4.0 (Build 6221). The mitigations are available.
    CVE ID: CVE-2023-3643 (Critical) 

  • Vulnerability in Lifeline Donation plugin for WordPress (19 Jun 2024)

    An authentication bypass vulnerability has been discovered in the Lifeline Donation plugin for WordPress. The affected versions are Lifeline Donation plugin for WordPress versions up to, and including, 1.2.6.
    CVE ID: CVE-2024-5432 (Critical)

  • Red Hat Security Updates (19 Jun 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in EmailGPT Service (18 Jun 2024)

    A prompt injection vulnerability has been discovered in the EmailGPT service that allows a malicious user to inject a direct prompt and take over the service logic. 
    CVE ID: CVE-2024-5184 (Critical)

  • Google Released Security Updates for Chrome (18 Jun 2024)

    Google has released Chrome 126 (126.0.6478.110) for Android, Dev channel OS version 127.0.6533.11 (Platform version 15917.8.0) for most ChromeOS devices, Stable channel has been updated to 126.0.6478.114/115 for Windows, Mac and 126.0.6478.114 for Linux, and Stable channel OS version: 15853.67.0 Browser version: 125.0.6422.197 for most ChromeOS devices.
    CVE ID: CVE-2024-6100 (High), CVE-2024-6101 (High), CVE-2024-6102 (High), CVE-2024-6103 (High)

  • Vulnerability in EmailGPT Service (18 Jun 2024)

    A prompt injection vulnerability has been discovered in EmailGPT service. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit this vulnerability by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts.
    CVE ID: CVE-2024-5184 (Critical)

  • Vulnerability in Totolink (18 Jun 2024)

    An improper access controls vulnerability has been discovered in Totolink. The affected version is Totolink N350RT 9.3.5u.6265.
    CVE ID: CVE-2024-0570 (Critical)

  • CVE - KB Correlation (18 Jun 2024)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during June 2024.

  • Vulnerability in WooCommerce - Social Login plugin for WordPress (17 Jun 2024)

    A PHP object injection vulnerability has been discovered in the WooCommerce - Social Login plugin for WordPress. The affected versions are WooCommerce - Social Login plugin for WordPress versions up to, and including, 2.6.2.
    CVE ID: CVE-2024-5871 (Critical)

  • Vulnerability in ASUS Router (17 Jun 2024)

    An authentication bypass vulnerability has been discovered in the ASUS router that allows unauthenticated remote attackers to log into the device. 
    CVE ID: CVE-2024-3080 (Critical)

  • Vulnerability Summary (17 Jun 2024)

    Summary of vulnerabilities for the week of June 10, 2024.

  • Vulnerability in GeoVision Devices (17 Jun 2024)

    It has been discovered that certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
    CVE ID: CVE-2024-6047 (Critical)

  • Vulnerability in ASUS Routers (17 Jun 2024)

    An arbitrary firmware upload vulnerability has been discovered in ASUS routers. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.
    CVE ID: CVE-2024-3912 (Critical)

  • Vulnerability in Canto plugin for WordPress (17 Jun 2024)

    A Remote File Inclusion vulnerability has been discovered in the Canto plugin for WordPress. The affected versions are all versions up to, and including, 3.0.8.
    CVE ID: CVE-2024-4936 (Critical)

  • Vulnerability in Progress Telerik Report Server (14 Jun 2024)

    An authentication bypass vulnerability has been discovered in the Progress Telerik Report Server. The affected versions are Progress Telerik Report Server version 2024 Q1 (10.0.24.305) or earlier.
    CVE ID: CVE-2024-4358 (Critical)

  • Red Hat Security Updates (13 Jun 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Dokan Pro plugin for WordPress (12 Jun 2024)

    A SQL injection vulnerability has been discovered in the Dokan Pro plugin for WordPress. The affected versions are all versions of the Dokan Pro plugin for WordPress up to, and including, 3.10.3.
    CVE ID: CVE-2024-3922 (Critical)

  • Vulnerability in SoftLab Upload Fields for WPForms (12 Jun 2024)

    A missing authorization vulnerability has been discovered in SoftLab Upload Fields for WPForms. The affected versions are SoftLab Upload Fields for WPForms from n/a through 1.0.2.
    CVE ID: CVE-2024-35661 (Critical)

  • Vulnerability in WPDeveloper EmbedPress (12 Jun 2024)

    A missing authorization vulnerability has been discovered in WPDeveloper EmbedPress. The affected versions are EmbedPress from n/a through 3.9.8.
    CVE ID: CVE-2024-31284 (Critical)

  • Cisco Released Security Updates (12 Jun 2024)

    Cisco has released security updates to address multiple vulnerabilities in Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance.
    CVE ID: CVE-2024-20256 (Medium), CVE-2024-20257 (Medium), CVE-2024-20258 (Medium), CVE-2024-20383 (Medium), CVE-2024-20392 (Medium)

  • Palo Alto Networks Released Security Updates (12 Jun 2024)

    Palo Alto Networks has released security updates to resolve multiple vulnerabilities in the Palo Alto Networks Cortex XDR Agent, GlobalProtect App, and Prisma Cloud Compute.
    CVE ID: CVE-2024-5909 (Medium), CVE-2024-5908 (Medium), CVE-2024-5907 (Medium), CVE-2024-5906 (Medium)

  • Google Released Security Updates for Chrome (12 Jun 2024)

    Google has released Chrome Beta 127 127.0.6533.5 for Windows, Mac & Linux, Dev channel OS version 127.0.6533.0 Platform version 15917.2.0 for most ChromeOS devices, Chrome Beta 127 127.0.6533.2 for Android, Chrome Beta 127 127.0.6533.3 for iOS and Beta channel OS version 15886.29.0 Browser version 126.0.6478.48 for most ChromeOS devices.

  • Red Hat Security Updates (12 Jun 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Microsoft Released June 2024 Security Updates (12 Jun 2024)

    Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Adobe Security Updates (11 Jun 2024)

    Adobe has released security updates to address multiple critical, high, and medium vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-30299 (Critical), CVE-2024-30300 (Critical), CVE-2024-34108 (Critical), CVE-2024-34102 (Critical)

  • Vulnerability in Intrado's Equipment (11 Jun 2024)

    A SQL injection vulnerability has been discovered in Intrado's Equipment- 911 Emergency Gateway (EGW) that allows an attacker to execute malicious code, exfiltrate data, or manipulate the database. All versions of 911 Emergency Gateway (EGW) are affected.
    CVE ID: CVE-2024-1839 (Critical)

  • Fortinet Released Security Updates (11 Jun 2024)

    Fortinet has released security updates to address several vulnerabilities in FortiOS. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-26010 (Medium), CVE-2024-23111 (Medium), CVE-2024-23110 (High), CVE-2023-46720 (Medium), CVE-2024-21754 (Low)

  • Vulnerability in Rockwell Automation's Equipment (11 Jun 2024)

    An always incorrect control flow implementation vulnerability has been discovered in Rockwell Automation's Equipment- ControlLogix, GuardLogix & CompactLogix. The mitigation is available.
    CVE ID: CVE-2024-5659 (High)

  • Vulnerability in AVEVA's Equipment (11 Jun 2024)

    A deserialization of untrusted data vulnerability has been discovered in AVEVA's Equipment - PI Web API that allows an attacker to perform Remote Code Execution (RCE). The affected versions are AVEVA PI Web API versions 2023 and prior. The mitigations are available.
    CVE ID: CVE-2024-3468 (High)

  • Vulnerability in AVEVA's Equipment (11 Jun 2024)

    A deserialization of untrusted data vulnerability has been discovered in AVEVA's Equipment - PI Asset Framework Client that allows an attacker to perform malicious code execution. The affected versions are PI Asset Framework Client: 2023 and PI Asset Framework Client: 2018 SP3 P04 and prior. The mitigations are available.
    CVE ID: CVE-2024-3467 (High)

  • Multiple Vulnerabilities in MicroDicom's Equipment (11 Jun 2024)

    An improper authorization in the handler for custom URL scheme and stack-based buffer overflow vulnerabilities have been discovered in MicroDicom's Equipment- DICOM Viewer. The affected versions are DICOM Viewer prior to 2024.2. The mitigations are available.
    CVE ID: CVE-2024-33606 (High), CVE-2024-28877 (High)

  • Mozilla Released Security Updates (11 Jun 2024)

    Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR 115.12 & Firefox 127. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-5702 (High), CVE-2024-5688 (High), CVE-2024-5690 (Medium), CVE-2024-5691 (Medium), CVE-2024-5692 (Medium), CVE-2024-5693 (Medium), CVE-2024-5696 (Medium), CVE-2024-5700 (High), CVE-2024-5687 (High), CVE-2024-5689 (Medium), CVE-2024-5690 (Medium), CVE-2024-5691 (Medium), CVE-2024-5692 (Medium), CVE-2024-5693 (Medium), CVE-2024-5694 (Medium), CVE-2024-5695 (Medium), CVE-2024-5696 (Medium), CVE-2024-5697 (Low), CVE-2024-5698 (Low), CVE-2024-5699 (Low), CVE-2024-5701 (High)

  • Google Released Security Updates for Chrome (11 Jun 2024)

    Google has released Chrome 126 (126.0.6478.50) for Android, Chrome 126 stable channel for Windows, Mac & Linux, Chrome Stable 126 (126.0.6478.54) for iOS, and Chrome Beta 126 (126.0.6478.50) for Android.
    CVE ID: CVE-2024-5830 (High), CVE-2024-5831 (High), CVE-2024-5832 (High), CVE-2024-5833 (High), CVE-2024-5834 (High), CVE-2024-5835 (High), CVE-2024-5836 (High), CVE-2024-5837 (High), CVE-2024-5838 (High), CVE-2024-5839 (Medium), CVE-2024-5840 (Medium), CVE-2024-5841 (Medium), CVE-2024-5842 (Medium), CVE-2024-5843 (Medium), CVE-2024-5844 (Medium), CVE-2024-5845 (Medium), CVE-2024-5846 (Medium), CVE-2024-5847 (Medium)

  • Vulnerability in XenServer and Citrix Hypervisor (11 Jun 2024)

    A potential Denial of Service (DoS) vulnerability has been discovered in XenServer and Citrix Hypervisor. Citrix has released a security update to address this vulnerability. The affected versions are XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR.
    CVE ID: CVE-2024-5661 (Medium)

  • Apple Security Updates (10 Jun 2024)

    Apple has released security updates to resolve multiple vulnerabilities in VisionOS 1.2. An attacker can exploit these vulnerabilities to take control of an affected device.
    CVE ID: CVE-2024-27817, CVE-2024-27831, CVE-2024-27832, CVE-2024-27801, CVE-2024-27836, CVE-2024-27828, CVE-2024-27840, CVE-2024-27815, CVE-2024-27811, CVE-2024-27800, CVE-2024-27802, CVE-2024-27857, CVE-2024-27844, CVE-2024-27838, CVE-2024-27808, CVE-2024-27812, CVE-2024-27850, CVE-2024-27833, CVE-2024-27851, CVE-2024-27830, CVE-2024-27820

  • Red Hat Security Updates (10 Jun 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (07 Jun 2024)

    Google has released Dev channel 127.0.6523.4 for Windows, Mac & Linux.

  • SUSE Security Updates (07 Jun 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in Pichome (07 Jun 2024)

    A file upload vulnerability has been discovered in Pichome that allows arbitrary code execution via a crafted POST request. The affected version is Pichome v.1.1.01.
    CVE ID: CVE-2024-24393 (Critical)

  • Vulnerability in Startklar Elementor Addons plugin for WordPress (06 Jun 2024)

    A directory traversal vulnerability has been discovered in the Startklar Elementor Addons plugin for WordPress. The affected versions are Startklar Elementor Addons plugin for WordPress, all versions up to, and including, 1.7.15.
    CVE ID: CVE-2024-5153 (Critical)

  • Red Hat Security Updates (06 Jun 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Cisco Released Security Updates for Cisco Finesse Web-Based Management Interface (05 Jun 2024)

    Cisco has released security updates to resolve multiple vulnerabilities in Cisco Finesse Web-Based Management Interface that allow an attacker to perform a stored Cross Site Scripting (XSS) attack by exploiting a Remote File Inclusion (RFI) vulnerability or to perform a Server Side Request Forgery (SSRF) attack on an affected system.
    CVE ID: CVE-2024-20404 (Medium), CVE-2024-20405 (Medium)

  • Google Released Security Updates for Chrome (05 Jun 2024)

    Google has released Beta channel OS version 15886.24.0, Browser version 126.0.6478.33 for most ChromeOS devices, Stable channel 126.0.6478.36 for Windows & Mac, Beta channel 126.0.6478.36 for Windows, Mac & Linux, Chrome Beta 126 (126.0.6478.34) for iOS, Chrome Stable 126 (126.0.6478.35) for iOS and Chrome Beta 126 (126.0.6478.40) for Android.

  • Drupal Security Updates (05 Jun 2024)

    Drupal has released security updates to address access bypass and Denial of Service (DoS) vulnerabilities in Acquia DAM, a third-party library used in it. The affected versions are Acquia DAM prior to 1.0.13 and Acquia DAM 1.1.0 below Acquia DAM 1.1.0-beta3.

  • Vulnerability in LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress (05 Jun 2024)

    A SQL injection vulnerability has been discovered in LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress. The affected versions are LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress, all versions up to, and including, 7.6.2.
    CVE ID: CVE-2024-4743 (Critical)

  • Vulnerability in DeluxeThemes Userpro (05 Jun 2024)

    An improper privilege management vulnerability has been discovered in DeluxeThemes Userpro that allows privilege escalation. The affected versions are DeluxeThemes Userpro from n/a through 5.1.8.
    CVE ID: CVE-2024-35700 (Critical)

  • Red Hat Security Updates (05 Jun 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Mitsubishi Electric's Equipment (04 Jun 2024)

    A Denial of Service (DoS) vulnerability caused by an OpenSSL vulnerability has been discovered in Mitsubishi Electric's Equipment- CC-Link IE TSN Industrial Managed Switch. The affected versions are CC-Link IE TSN Industrial Managed Switch "05" and prior. Security updates are available.
    CVE ID: CVE-2023-2650 (Low)

  • Vulnerability in Uniview's Equipment (04 Jun 2024)

    A Cross Site Scripting (XSS) vulnerability has been discovered in Uniview's Equipment- NVR301-04S2-P4. The affected versions are Uniview NVR301-04S2-P4 prior to NVR-B3801.20.17.240507. The mitigation is available.
    CVE ID: CVE-2024-3850 (Medium)

  • Multiple Vulnerabilities in Fuji Electric's Equipment (04 Jun 2024)

    Multiple vulnerabilities have been discovered in Fuji Electric's Equipment- Monitouch V-SFT that can allow an attacker to execute arbitrary code. The affected versions are Monitouch V-SFT versions prior to 6.2.3.0. The mitigation is available.
    CVE ID: CVE-2024-5271 (High), CVE-2024-34171 (High), CVE-2024-5597 (High)

  • Snowflake Released Steps to Prevent Unauthorized Access (04 Jun 2024)

    Snowflake indicated a recent increase in cyber threat activity targeting customer accounts on its cloud data platform. Snowflake has issued a recommendation for users to query for unusual activity and conduct further analysis to prevent unauthorized user access.

  • Vulnerability in Social Login Lite For WooCommerce plugin for WordPress (04 Jun 2024)

    An authentication bypass vulnerability has been discovered in Social Login Lite For WooCommerce plugin for WordPress. The affected versions are Social Login Lite For WooCommerce plugin for WordPress versions up to, and including, 1.6.0. 
    CVE ID: CVE-2024-4552 (Critical)

  • Vulnerability in XPodas Octopod (04 Jun 2024)

    An authentication bypass vulnerability has been discovered in XPodas Octopod. The affected version is Octopod before v1.
    CVE ID: CVE-2024-1202 (Critical)

  • Vulnerability in Kashipara Billing Software (04 Jun 2024)

    A SQL injection vulnerability has been discovered in Kashipara Billing Software. The affected version is Kashipara Billing Software 1.0.
    CVE ID: CVE-2024-0496 (Critical)

  • Android Security Updates (03 Jun 2024)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-06-05 or later address all of these issues.
    CVE ID: CVE-2023-21266 (High), CVE-2024-31310 (High), CVE-2024-31316 (High), CVE-2024-31317 (High), CVE-2024-31318 (High), CVE-2024-31319 (High), CVE-2024-31322 (High), CVE-2024-31324 (High), CVE-2024-31325 (High), CVE-2024-31326 (High), CVE-2024-31312 (High), CVE-2024-31314 (High), CVE-2023-21113 (High), CVE-2023-21114 (High), CVE-2024-31311 (High), CVE-2024-31313 (High), CVE-2024-31315 (High), CVE-2024-31323 (High), CVE-2024-31327 (High)

  • Microsoft Edge Security Updates (03 Jun 2024)

    Microsoft has released Microsoft Edge Stable Channel (Version 125.0.2535.85) to resolve a vulnerability.
    CVE ID: CVE-2024-5493, CVE-2024-5494, CVE-2024-5495, CVE-2024-5496, CVE-2024-5497, CVE-2024-5498, CVE-2024-5499

  • Vulnerability in Login with phone number plugin for WordPress (28 May 2024)

    An authentication bypass vulnerability has been discovered in the Login with phone number plugin for WordPress. The affected versions are Login with phone number plugin for WordPress versions up to, and including, 1.7.26.
    CVE ID: CVE-2024-5150 (Critical)

  • Vulnerability in B&R Automation (27 May 2024)

    It has been discovered that FTP uses an insecure encryption mechanism in B&R Automation Runtime versions prior to I4.93, which may allow Man in the Middle (MITM) attacks or decryption of communications between the affected products and other parties. A security update is available.
    CVE ID: CVE-2024-0323 (Critical)

  • Google Released Security Updates for Chrome (24 May 2024)

    Google has released Chrome Dev 127 (127.0.6493.0) for Android.

  • Microsoft Edge Security Updates (24 May 2024)

    Microsoft has released updated Microsoft Edge Stable Channel (Version 125.0.2535.67) to resolve a vulnerability.
    CVE ID: CVE-2024-5274

  • Vulnerability in Pie Register - Social Sites Login Plugin for WordPress (24 May 2024)

    An authentication bypass vulnerability has been discovered in Pie Register - Social Sites Login (Add on) plugin for WordPress. The affected versions are Pie Register - Social Sites Login (Add on) plugin for WordPress versions up to, and including, 1.7.7.
    CVE ID: CVE-2024-4544 (Critical)

  • Red Hat Security Updates (24 May 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Hash Form – Drag & Drop Form Builder plugin for WordPress (23 May 2024)

    An authentication bypass vulnerability has been discovered in Hash Form – Drag & Drop Form Builder plugin for WordPress. The affected versions are Hash Form – Drag & Drop Form Builder plugin for WordPress versions up to, and including, 1.1.0.
    CVE ID: CVE-2024-5084 (Critical)

  • Multiple Vulnerabilities in AutomationDirect's Equipment (23 May 2024)

    Multiple vulnerabilities have been discovered in AutomationDirect's Equipment- Productivity PLCs that can lead to remote code execution and denial of service. The mitigations are available.
    CVE ID: CVE-2024-24851 (High), CVE-2024-24946 (High), CVE-2024-24947 (High), CVE-2024-24954 (High), CVE-2024-24955 (High), CVE-2024-24956 (High), CVE-2024-24957 (High), CVE-2024-24958 (High), CVE-2024-24959 (High), CVE-2024-24962 (Critical), CVE-2024-24963 (Critical), CVE-2024-22187 (Critical), CVE-2024-23315 (High), CVE-2024-21785 (Critical), CVE-2024-23601 (Critical) 

  • Google Released Security Updates for Chrome (23 May 2024)

    Google has released Chrome 125 (125.0.6422.112/.113) for Android, Extended Stable 124.0.6367.233 for Windows and Mac, Stable channel 125.0.6422.112/.113 for Windows, Mac and 125.0.6422.112 for Linux, and LTS channel version 120.0.6099.312 (Platform Version: 15662.109.0) for most ChromeOS devices.
    CVE ID: CVE-2024-5274 (High), CVE-2024-4761 (High), CVE-2024-4947 (High)

  • Drupal Security Updates (22 May 2024)

    Drupal has released security updates to address an access bypass vulnerability in the Commerce View Receipt module and the Email Contact module.

  • Vulnerability in Country State City Dropdown CF7 plugin for WordPress (22 May 2024)

    A SQL injection vulnerability has been discovered in Country State City Dropdown CF7 plugin for WordPress. The affected versions are Country State City Dropdown CF7 plugin for WordPress versions up to, and including, 2.7.2.
    CVE ID: CVE-2024-3495 (Critical)

  • GitLab Security Updates (22 May 2024)

    GitLab has released updated versions 17.0.1, 16.11.3, and 16.10.6 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-4835 (High), CVE-2024-2874 (Medium), CVE-2023-7045 (Medium), CVE-2023-6502 (Medium), CVE-2024-1947 (Medium), CVE-2024-4367

  • Vulnerability in Business Directory Plugin – Easy Listing Directories for WordPress Plugin (22 May 2024)

    A time-based SQL Injection vulnerability has been discovered in Business Directory Plugin – Easy Listing Directories for WordPress plugin. The affected versions are Business Directory Plugin – Easy Listing Directories for WordPress plugin, all versions up to, and including, 6.4.2.
    CVE ID: CVE-2024-4443 (Critical)

  • CVE - KB Correlation (22 May 2024)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during May 2024.

  • Red Hat Security Updates (21 May 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Build App Online plugin for WordPress (20 May 2024)

    An authentication bypass vulnerability has been discovered in Build App Online plugin for WordPress. The affected versions are Build App Online plugin for WordPress versions up to, and including, 1.0.21.
    CVE ID: CVE-2024-3658 (Critical)

  • Vulnerability Summary (20 May 2024)

    Summary of vulnerabilities for the week of May 13, 2024.

  • Google Released Security Updates for Chrome (20 May 2024)

    Google has released Stable channel 124.0.6367.225 Platform version 15823.60.0 for most ChromeOS devices, Chrome Dev 127 (127.0.6483.0) for Android and Dev channel 127.0.6485.0 for Windows, Mac & Linux.

  • Red Hat Security Updates (20 May 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Update for Chrome (17 May 2024)

    Google has released Chrome Beta 126 126.0.6478.8 for iOS.

  • Vulnerability in Rockwell Automation's Equipment (16 May 2024)

    An improper input validation vulnerability has been discovered in Rockwell Automation's Equipment- FactoryTalk View SE that allows injection of a malicious SQL statement into the SQL database, resulting in exposure of sensitive information. The affected versions are FactoryTalk View SE versions prior to 14.0. The mitigations are available.
    CVE ID: CVE-2024-4609 (High)

  • Vulnerability in Palo Alto Networks Products (16 May 2024)

    The TunnelVision vulnerability has been discovered in Palo Alto Networks products. The mitigations are available.
    CVE ID: CVE-2024-3661 (Low)

  • Microsoft Edge Security Updates (16 May 2024)

    Microsoft has released updated Microsoft Edge Stable Channel (Version 124.0.2478.109) and Extended Stable channel (Version 124.0.2478.109) to resolve vulnerabilities.
    CVE ID: CVE-2024-4947, CVE-2024-30056 (High)

  • Red Hat Security Updates (16 May 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Wireshark (15 May 2024)

    An infinite loop vulnerability has been discovered in the Wireshark MONGO and ZigBee TLV dissectors. The affected versions are Wireshark 4.2.0 to 4.2.4, Wireshark 4.0.0 to 4.0.14, and Wireshark 3.6.0 to 3.6.22. The mitigations are available.

  • Vulnerability in DigiWin EasyFlow .NET (15 May 2024)

    A SQL injection vulnerability has been discovered in DigiWin EasyFlow .NET that allows unauthorized access to read, modify, and delete database records, as well as execute system commands.
    CVE ID: CVE-2024-4893 (Critical)

  • Drupal Security Update (15 May 2024)

    Drupal has released a security update to resolve an access bypass vulnerability in RESTful Web Services, a third-party library used in it. The affected version is RESTful Web Services module for Drupal 7.

  • Multiple Vulnerabilities in Several Cisco Products (15 May 2024)

    Multiple vulnerabilities have been discovered in several Cisco products. Security updates are available.
    CVE ID: CVE-2024-20326 (High), CVE-2024-20389 (High), CVE-2024-20366 (High), CVE-2024-20326 (High), CVE-2024-20389 (High), CVE-2024-20391 (Medium), CVE-2024-20369 (Medium), CVE-2024-20256 (Medium), CVE-2024-20257 (Medium), CVE-2024-20258 (Medium), CVE-2024-20383 (Medium), CVE-2024-20392 (Medium), CVE-2024-20394 (Medium)

  • Google Released Security Updates for Chrome (15 May 2024)

    Google has released Dev channel 126.0.6475.0 Platform version: 15886.0.0 for most ChromeOS devices, Chrome 125 125.0.6422.53 for Android, Extended Stable channel 124.0.6367.221 for Windows & Mac, Chrome Beta 125 125.0.6422.53 for Android and Chrome 125 stable channel 125.0.6422.60 for Linux & 125.0.6422.60/.61 for Windows & Mac to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-4947 (High), CVE-2024-4948 (High), CVE-2024-4949 (Medium), CVE-2024-4950 (Low)

  • Red Hat Security Updates (15 May 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Mozilla Released Security Updates (15 May 2024)

    Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 115.11. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-4367 (High), CVE-2024-4767 (Medium), CVE-2024-4768 (Medium), CVE-2024-4769 (Medium), CVE-2024-4770 (Medium), CVE-2024-4777 (Medium)

  • Microsoft Edge Security Update (14 May 2024)

    Microsoft has released updated Microsoft Edge Stable Channel and Extended Stable Channels Version 124.0.2478.105 to resolve a vulnerability.
    CVE ID: CVE-2024-4761

  • Multiple Vulnerabilities in Siemens Products (14 May 2024)

    Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve vulnerabilities.
    CVE ID: CVE-2024-22039 (Critical), CVE-2024-27939 (Critical), CVE-2024-21762 (Critical), CVE-2024-23113 (Critical), CVE-2022-37454 (Critical), CVE-2022-47629 (Critical), CVE-2024-32740 (Critical), CVE-2024-32741 (Critical), CVE-2024-32742 (Critical), CVE-2023-3935 (Critical), CVE-2024-22039 (Critical), CVE-2024-33499 (Critical), CVE-2024-30209 (Critical)

  • Adobe Dreamweaver Security Update (14 May 2024)

    Adobe has released a security update to resolve arbitrary code execution in Adobe Dreamweaver.
    CVE ID: CVE-2024-30314 (Critical)

  • Microsoft Released May 2024 Security Updates (14 May 2024)

    Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Adobe Released Security Updates (14 May 2024)

    Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.

  • CISA Releases Guidance for Mitigating Cyber Threats with Limited Resources (14 May 2024)

    Cybersecurity and Infrastructure Security Agency (CISA), in partnership with other organizations, has released cybersecurity guidance to protect High Risk Community (HRC) entities such as civil society organizations and individuals. Additionally, the guide encourages software manufacturers to actively implement and publicly commit to Secure by Design practices that are necessary to help protect vulnerable people and HRC.

  • Vulnerability in Rockwell Automation's Equipment (14 May 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Rockwell Automation's Equipment- Factory Talk Remote Access. The affected versions are FactoryTalk Remote Access v13.5.0.174 and prior. The mitigations are available.
    CVE ID: CVE-2024-3640 (Medium)

  • Vulnerability in Subnet Solutions Inc.'s Equipment (14 May 2024)

    A vulnerability has been discovered in Subnet Solutions Inc.'s Equipment- PowerSYSTEM Center that allows privilege escalation, Denial of Service (DoS) or arbitrary code execution. The affected versions are PowerSYSTEM Center Update 19 and prior. The mitigations are available.
    CVE ID: CVE-2024-28042 (High)

  • Vulnerability in Johnson Controls' Equipment (14 May 2024)

    An insertion of sensitive information into a log file vulnerability has been discovered in Johnson Controls' Equipment- Software House C•CURE 9000 that allows access to credentials used for access to the application. The affected version is Software House C•CURE 9000: v3.00.2. The mitigations are available.
    CVE ID: CVE-2024-0912 (High)

  • Fortinet Released Security Updates (14 May 2024)

    Fortinet has released security updates to address vulnerabilities in FortiOS. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2023-46714 (Medium), CVE-2023-44247 (Medium), CVE-2023-36640 (Medium), CVE-2023-45583 (Medium), CVE-2024-26007 (Medium), CVE-2023-45586 (Medium)

  • Google Released Security Updates for Chrome (14 May 2024)

    Google has released Stable channel 124.0.6367.219 (Platform version: 15823.58.0) for most ChromeOS devices, Dev channel 126.0.6468.2 for Windows, Mac & Linux.

  • Multiple Vulnerabilities in Mitsubishi Electric Products (14 May 2024)

    Multiple vulnerabilities have been discovered in Jungo's WinDriver affecting several Mitsubishi Electric FA engineering software products. The mitigations are available.
    CVE ID: CVE-2023-51777 (Medium), CVE-2023-51778 (Medium), CVE-2024-22102 (Medium), CVE-2024-22103 (Medium), CVE-2024-22104 (Medium), CVE-2024-22105 (Medium), CVE-2024-25087 (Medium), CVE-2023-51776 (Medium), CVE-2024-25086 (Medium), CVE-2024-25088 (Medium), CVE-2024-26314 (Medium), CVE-2024-22106 (Medium)

  • Vulnerability Summary (13 May 2023)

    Summary of vulnerabilities for the week of May 06, 2024.

  • Red Hat Security Updates (13 May 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Apple Security Update (13 May 2024)

    Apple has released security updates to address multiple vulnerabilities in Safari 17.5, iOS 17.5, iPadOS 17.5, iOS 16.7.8, iPadOS 16.7.8, macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, watchOS 10.5, and tvOS 17.5. An attacker can exploit these vulnerabilities to take control of an affected device.
    CVE ID: CVE-2024-27834, CVE-2024-27804, CVE-2024-27816, CVE-2024-27841, CVE-2024-27839, CVE-2024-27818, CVE-2023-42893, CVE-2024-27810, CVE-2024-27852, CVE-2024-27835, CVE-2024-27803, CVE-2024-27821, CVE-2024-27847, CVE-2024-27796, CVE-2024-27834, CVE-2024-27789, CVE-2024-23296, CVE-2024-27804, CVE-2024-27837, CVE-2024-27825, CVE-2024-27829, CVE-2024-23236, CVE-2024-27827, CVE-2024-27822, CVE-2024-27824, CVE-2024-27813, CVE-2024-27816, CVE-2024-27843, CVE-2024-27842, CVE-2023-42861, CVE-2024-23229

  • Google Released Security Updates for Chrome (13 May 2024)

    Google has released Chrome 124 (124.0.6367.179) for Android, LTS channel version 120.0.6099.310 (Platform Version: 15662.107.0) for most ChromeOS devices, Stable channel 124.0.6367.207/.208 for Mac, Windows and 124.0.6367.207 for Linux to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-4761 (High), CVE-2024-4331 (High), CVE-2024-0409 (High), CVE-2023-25584 (High), CVE-2024-24806 (High), CVE-2024-21626 (High)

  • Black Basta Ransomware (10 May 2024)

    It has been discovered that Black Basta ransomware affiliates use common initial access techniques such as phishing and exploiting known vulnerabilities and then employ a double-extortion model, both encrypting systems and exfiltrating data. Ransomware affiliates use tools such as BITSAdmin and PsExec, along with Remote Desktop Protocol (RDP), for lateral movement.

  • Microsoft Edge Security Updates (10 May 2024)

    Microsoft has released updated Microsoft Edge Stable Channel (Version 124.0.2478.97) and Extended Stable channel (Version 124.0.2478.97) to resolve vulnerabilities.
    CVE ID: CVE-2024-30055 (Medium), CVE-2024-4671 

  • Red Hat Security Updates (10 May 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • CISA Alert to Choose Secure and Verifiable Technologies (09 May 2024)

    Cybersecurity and Infrastructure Security Agency (CISA) has released a Secure by Design alert on choosing secure and verifiable technologies impacting Critical Infrastructure Sectors.

  • GitLab Security Updates (09 May 2024)

    GitLab has released updated versions 116.9.8 for GitLab Community Edition (CE) and Enterprise Edition (EE).

  • Google Released Security Updates for Chrome (09 May 2024)

    Google has released Stable channel 124.0.6367.154 Platform version: 15823.51.0 for most ChromeOS devices, Chrome Dev 126 126.0.6465.0 for Android and Stable channel 124.0.6367.201/.202 for Mac & Windows & 124.0.6367.201 for Linux to resolve a use-after-free vulnerability.
    CVE ID: CVE-2024-4671 (High)

  • GitLab Security Update (09 May 2024)

    GitLab has released updated version 16.9.8 for GitLab Community Edition and Enterprise Edition.

  • Vulnerability in Alpitronic's Equipment Hypercharger EV Charger (09 May 2024)

    A use of default credentials vulnerability has been discovered in Alpitronic's Equipment- Hypercharger EV charger that can result in an attacker disabling the device, bypassing payment, or accessing payment data. All versions of Hypercharger EV charger are affected. The mitigation is available.
    CVE ID: CVE-2024-4622 (High)

  • Multiple Vulnerabilities in Rockwell Automation's Equipment (09 May 2024)

    Multiple vulnerabilities have been discovered in Rockwell Automation's Equipment- FactoryTalk Historian SE that can cause a Denial of Service (DoS) condition. The affected versions are FactoryTalk Historian SE versions v9.0 and prior. The mitigations are available.
    CVE ID: CVE-2023-31274 (High), CVE-2023-34348 (High)

  • Vulnerability in Delta Electronics' Equipment (09 May 2024)

    A deserialization of untrusted data vulnerability has been discovered in Delta Electronics' Equipment- InfraSuite Device Master that allows Remote Code Execution (RCE). The affected versions are InfraSuite Device Master versions 1.0.10 and prior. The mitigations are available.
    CVE ID: CVE-2023-46604 (Critical)

  • Red Hat Security Updates (09 May 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Heateor Social Login WordPress Plugin (08 May 2024)

    A Cross Site Scripting (XSS) vulnerability has been discovered in Heateor Social Login WordPress plugin. The affected products are Heateor Social Login WordPress versions prior to 1.1.32.
    CVE ID: CVE-2024-32674 (Medium)

  • Apple Security Update (08 May 2024)

    Apple has released a security update to address an arbitrary code execution vulnerability in iTunes 12.13.2 for Windows. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2024-27793

  • GitLab Security Updates (08 May 2024)

    GitLab has released updated versions 16.11.2, 16.10.5, and 16.9.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).

  • Google Released Security Updates for Chrome (08 May 2024)

    Google has released Chrome Beta 125 125.0.6422.32 for iOS, Dev channel 126.0.6455.0 Platform version: 15879.0.0 for most ChromeOS devices, Chrome 125 125.0.6422.34 for Android, Stable channel 125.0.6422.41 for Windows & Mac, Beta channel 125.0.6422.41 for Windows, Mac & Linux, Chrome Stable 125 125.0.6422.33 for iOS and Chrome Beta 125 125.0.6422.34 for Android.

  • Vulnerability in Social Connect plugin for WordPress (07 May 2024)

    An authentication bypass vulnerability has been discovered in Social Connect plugin for WordPress. The affected versions are Social Connect plugin for WordPress versions up to, and including, 1.2.
    CVE ID: CVE-2024-4393 (Critical)

  • Vulnerability in Startklar Elementor Addons plugin for WordPress (07 May 2024)

    An arbitrary file deletion vulnerability has been discovered in Startklar Elementor Addons plugin for WordPress. The affected versions are Startklar Elementor Addons plugin for WordPress versions up to, and including, 1.7.13.
    CVE ID: CVE-2024-4346 (Critical)

  • Vulnerability in Build App Online plugin for WordPress (07 May 2024)

    An authentication bypass vulnerability has been discovered in Build App Online plugin for WordPress. The affected versions are Build App Online plugin for WordPress versions up to, and including, 3.0.5.
    CVE ID: CVE-2024-4186 (Critical)

  • Vulnerability in Subnet Solutions Inc.'s Equipment (07 May 2024)

    A Reliance on Insufficiently Trustworthy Component vulnerability has been discovered in Subnet Solutions Inc.'s Equipment- Substation Server. The affected versions are Substation Server 2.23.10 and prior. The mitigations are available.
    CVE ID: CVE-2024-26024 (High)

  • Vulnerability in PTC's Equipment (07 May 2024)

    A Cross-site Scripting vulnerability has been discovered in PTC's Equipment- Codebeamer that allows an attacker to inject malicious code in the application. The affected versions are Codebeamer: version 22.10 SP9 and prior, Codebeamer: version 2.0.0.3 and prior, and Codebeamer: version 2.1.0.0. The mitigations are available.
    CVE ID: CVE-2024-3951 (High)

  • Google Released Security Updates for Chrome (07 May 2024)

    Google has released Chrome 124 (124.0.6367.159) for Android, Stable channel 124.0.6367.155/.156 for Mac and Windows and 124.0.6367.155 for Linux.
    CVE ID: CVE-2024-4558 (High), CVE-2024-4559 (High)

  • Red Hat Security Updates (07 May 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Android Security Updates (06 May 2024)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-05-05 or later address all of these issues.
    CVE ID: CVE-2024-0024 (High), CVE-2024-0025 (High), CVE-2024-23705 (High), CVE-2024-23708 (High), CVE-2024-23706 (Critical), CVE-2024-0043 (High), CVE-2024-23707 (High), CVE-2024-23709 (High), CVE-2023-4622 (High), CVE-2023-6363 (High), CVE-2024-1067 (High), CVE-2024-1395 (High), CVE-2023-32871 (High), CVE-2023-32873 (High), CVE-2024-20056 (High), CVE-2024-20057 (High), CVE-2024-21471 (High), CVE-2024-21475 (High), CVE-2024-23351 (High), CVE-2024-23354 (High), CVE-2023-33119 (High), CVE-2023-43529 (High), CVE-2023-43530 (High), CVE-2023-43531 (High), CVE-2024-21477 (High), CVE-2024-21480 (High)

  • Moxa Security Update (06 May 2024)

    Moxa has released a security update to address a Stored Cross Site Scripting (XSS) vulnerability in NPort 5100A Series. The affected versions are NPort 5100A Series prior to version 1.6.
    CVE ID: CVE-2024-3576 (High)

  • Red Hat Security Updates (06 May 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (03 May 2024)

    Google has released Dev channel 126.0.6452.3 for Windows, Mac & Linux and Chrome Dev 126 (126.0.6452.4) for Android.

  • Microsoft Edge Security Updates (02 May 2024)

    Microsoft has released updated Microsoft Edge Stable Channel (Version 124.0.2478.80) to resolve a vulnerability. 

  • Multiple Vulnerabilities in CyberPower's Equipment (02 May 2024)

    Multiple vulnerabilities have been discovered in CyberPower's Equipment- PowerPanel. The affected versions are PowerPanel 4.9.0 and prior. The mitigations are available.
    CVE ID: CVE-2024-34025 (Critical), CVE-2024-33615 (High), CVE-2024-32053 (Critical), CVE-2024-32047 (Critical), CVE-2024-32042 (Medium), CVE-2024-31856 (High), CVE-2024-31410 (Medium), CVE-2024-31409 (Medium)

  • Multiple Vulnerabilities in Delta Electronics' Equipment (02 May 2024)

    Multiple vulnerabilities have been discovered in Delta Electronics' equipment- DIAEnergie. The affected version is DIAEnergie v1.10.00.005. The mitigations are available.
    CVE ID: CVE-2024-34031 (High), CVE-2024-34032 (High), CVE-2024-34033 (High)

  • Multiple Vulnerabilities in Jenkins (02 May 2024)

    Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
    CVE ID: CVE-2024-34144 (High), CVE-2024-34145 (High), CVE-2024-34146 (Medium), CVE-2024-34147 (Low), CVE-2024-34148 (Medium)

  • CISA Alert to Eliminate Directory Traversal Vulnerabilities in Software (02 May 2024)

    The Cybersecurity and Infrastructure Security Agency (CISA) has released a Secure by Design alert to eliminate directory traversal vulnerabilities in software impacting Critical Infrastructure Sectors (CIIs).
    CVE ID: CVE-2024-1708 (High), CVE-2024-20345 (Medium)

  • Google Released Security Updates for Chrome (02 May 2024)

    Google has released Chrome Beta 125 125.0.6422.26 for Android, Beta channel 125.0.6422.26 for Windows, Mac & Linux, Chrome Beta 125 125.0.6422.21 for iOS and Chrome Stable 124 124.0.6367.111 for iOS.

  • SonicWall Security Updates (01 May 2024)

    SonicWall has released security updates to address multiple vulnerabilities in SonicWall GMS (Virtual Appliance, Windows). The affected versions are GMS (Virtual Appliance, Windows) - 9.3.4 and earlier versions.
    CVE ID: CVE-2024-29010 (High), CVE-2024-29011 (High)

  • Google Released Security Update for Chrome (01 May 2024)

    Google has released Stable channel 124.0.6367.95 Platform version: 15823.40.0 for most ChromeOS devices.

  • Cisco Released Security Updates for IP Phone (01 May 2024)

    CISCO has released security updates for IP Phone 6800, 7800, and 8800 series to resolve multiplatform firmware vulnerabilities that can allow an attacker to cause a Denial of Service (DoS) condition, gain unauthorized access, or view sensitive information on an affected system.
    CVE ID: CVE-2024-20357, CVE-2024-20376, CVE-2024-20378

  • Hacktivists Target and Compromise OT & ICS System's Operations (01 May 2024)

    It has been observed that hacktivists target and compromise small-scale Operational Technology (OT) systems and the Internet exposed Industrial Control Systems (ICS) operations through their software components, such as Human Machine Interfaces (HMIs), by exploiting Virtual Network Computing (VNC) remote access software and default passwords for malicious activities.

  • HPE Aruba Networking Security Updates (30 Apr 2024)

    HPE Aruba Networking has released security updates to address multiple vulnerabilities in its products.
    CVE ID: CVE-2024-26304 (Critical), CVE-2024-26305 (Critical), CVE-2024-33511 (Critical), CVE-2024-33512 (Critical), CVE-2024-33513 (Medium), CVE-2024-33514 (Medium), CVE-2024-33515 (Medium), CVE-2024-33516 (Medium), CVE-2024-33517 (Medium), CVE-2024-33518 (Medium)

  • Google Released Security Updates for Chrome (30 Apr 2024)

    Google has released Chrome 124 (124.0.6367.113) for Android, Beta channel OS version: 15853.16.0 Browser version: 125.0.6422.19 for most ChromeOS devices and Stable channel 124.0.6367.118/.119 for Windows & Mac and 124.0.6367.118 for Linux to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-4331 (High), CVE-2024-4368 (High)

  • Google Released Security Updates for Chrome (29 Apr 2024)

    Google has released Beta channel ChromeOS version 15823.40.0 with Chrome Browser version 124.0.6367.95 for most ChromeOS devices and Long Term Support (LTS) Channel to 120.0.6099.309, Platform Version: 15662.105.0 for most ChromeOS devices to resolve a critical vulnerability.
    CVE ID: CVE-2024-4058 (Critical)

  • CISCO Security Updates for Cisco ASA Devices and FTD Software (24 Apr 2024)

    CISCO has released security updates to address ArcaneDoor exploitation of Cisco Adaptive Security Appliances (ASA) devices and Cisco Firepower Threat Defense (FTD) software. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-20353 (High), CVE-2024-20358 (Medium), CVE-2024-20359 (High)

  • Google Released Security Updates for Chrome (24 Apr 2024)

    Google has released Chrome Beta 125 (125.0.6422.14) for iOS, Chrome Beta 125 (125.0.6422.14) for Android, Beta channel to 125.0.6422.14 for Windows, Mac & Linux, Dev channel to OS version: 15853.9.0 Browser version: 125.0.6422.10 for most ChromeOS devices, Chrome 124 (124.0.6367.82) for Android and Stable channel 124.0.6367.78/.79 for Windows & Mac and 124.0.6367.78 for Linux to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-4058 (Critical), CVE-2024-4059 (High), CVE-2024-4060 (High)

  • Security Updates for CISCO Product (19 Apr 2024)

    CISCO has released security updates to address a command injection vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC).
    CVE ID: CVE-2024-20356 (High)

  • Security Updates for CISCO Product (19 Apr 2024)

    CISCO has released security updates to resolve a command injection vulnerability in the Command Line Interface (CLI) of the Cisco Integrated Management Controller (IMC).
    CVE ID: CVE-2024-20295 (High)

  • Vulnerability in Ai3 QbiBot (15 Apr 2024)

    A vulnerability has been discovered in the password reset feature of Ai3 QbiBot due to lack of proper access control that allows adversaries to reset any user's password.
    CVE ID: CVE-2024-3777 (Critical)

  • Multiple Vulnerabilities in BUFFALO Wireless LAN Routers (15 Apr 2024)

    OS command injection and plaintext storage of password vulnerabilities have been discovered in BUFFALO wireless LAN routers. Security updates are available.
    CVE ID: CVE-2024-23486 (Medium), CVE-2024-26023 (Medium)

  • Red Hat Security Updates (15 Apr 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Palo Alto Networks Released Security Updates (12 Apr 2024)

    Palo Alto Networks has released security updates to resolve a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS. The affected versions are PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1.
    CVE ID: CVE-2024-3400 (Critical)

  • Juniper Networks Security Updates (12 Apr 2024)

    Juniper Networks has released security updates to address a stack based buffer overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved.
    CVE ID: CVE-2024-30394 (High)

  • Google Released Security Updates for Chrome (12 Apr 2024)

    Google has released Chrome Dev 125 (125.0.6412.0) for Android and Beta channel 124.0.6367.49 for Windows, Mac & Linux.

  • Red Hat Security Updates (12 Apr 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • CVE - KB Correlation (12 Apr 2024)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during April 2024.

  • Juniper Networks Security Updates (11 Apr 2024)

    Juniper Networks has released security updates to address multiple vulnerabilities in Juniper Networks Junos OS and Junos OS Evolved.
    CVE ID: CVE-2023-38545 (Critical), CVE-2023-38546 (Low), CVE-2023-23914 (Critical), CVE-2023-23915 (Medium), CVE-2020-8284 (Low), CVE-2020-8285 (High), CVE-2020-8286 (High), CVE-2018-1000120 (Critical), CVE-2018-1000122 (Critical)

  • Multiple Vulnerabilities in Citrix Hypervisor and Intel (11 Apr 2024)

    Multiple vulnerabilities have been discovered in XenServer and Citrix Hypervisor. Citrix has released security updates to address these vulnerabilities.
    CVE ID: CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142

  • Rockwell Automation Security Update (11 Apr 2024)

    Rockwell Automation has released a security update to address an input validation vulnerability in Rockwell Automation's 5015-AENFTXT. The affected versions are 5015-AENFTXT: v35 and prior to v2.12.1.
    CVE ID: CVE-2024-2424 (High)

  • Google Released Security Updates for Chrome (11 Apr 2024)

    Google has released Chrome 124 (124.0.6367.42) for Android and Chrome Beta 124 (124.0.6367.42) for Android.

  • Multiple Vulnerabilities in a-blog cms (10 Apr 2024)

    Multiple vulnerabilities have been discovered in a-blog cms. The affected versions are a-blog cms Ver.3.1.x series prior to Ver.3.1.12, a-blog cms Ver.3.0.x series prior to Ver.3.0.32, a-blog cms Ver.2.11.x series prior to Ver.2.11.61, a-blog cms Ver.2.10.x series prior to Ver.2.10.53.
    CVE ID: CVE-2024-30419 (Medium), CVE-2024-30420 (Medium), CVE-2024-31394 (Medium), CVE-2024-31395 (Medium), CVE-2024-31396 (Medium)

  • Palo Alto Networks Released Security Updates (10 Apr 2024)

    Palo Alto Networks has released security updates to resolve multiple vulnerabilities in the Palo Alto Networks PAN-OS.
    CVE ID: CVE-2024-3383 (High), CVE-2024-3385 (High), CVE-2024-3382 (High), CVE-2024-3384 (High), CVE-2024-3386 (Medium), CVE-2024-3387 (Medium), CVE-2024-3388 (Medium)

  • GitLab Security Updates (10 Apr 2024)

    GitLab has released updated versions 16.10.2, 16.9.4, and 16.8.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).
    CVE ID: CVE-2024-3092 (High), CVE-2024-2279 (High), CVE-2023-6489 (Medium), CVE-2023-6678 (Medium)

  • Multiple Vulnerabilities in Siemens Products (09 Apr 2024)

    Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigation to resolve vulnerabilities.
    CVE ID: CVE-2023-35980 (Critical), CVE-2023-35981 (Critical), CVE-2023-35982 (Critical), CVE-2023-42789 (Critical), CVE-2024-21762 (Critical), CVE-2024-23113 (Critical), CVE-2023-45614 (Critical), CVE-2023-45615 (Critical), CVE-2023-45616 (Critical)

  • Schneider Electric Security Updates (09 Apr 2024)

    Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-2747 (High), CVE-2023-5629 (High), CVE-2023-5630 (Medium), CVE-2023-6032 (Medium)

  • Adobe Security Updates (09 Apr 2024)

    Adobe has released security updates to address multiple critical, high, and medium vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-20758 (Critical), CVE-2024-20759 (High), CVE-2024-20772 (High), CVE-2024-20771 (Medium), CVE-2024-20798 (Medium), CVE-2024-20797 (High), CVE-2024-20795 (High), CVE-2024-20796 (Medium), CVE-2024-20794 (Medium), CVE-2024-20737 (Medium), CVE-2024-20770 (Medium), CVE-2024-26047 (Medium), CVE-2024-26076 (Medium), CVE-2024-26079 (Medium), CVE-2024-26084 (Medium), CVE-2024-26087 (Medium), CVE-2024-26097 (Medium), CVE-2024-26098 (Medium), CVE-2024-26122 (Medium), CVE-2024-20778 (Medium), CVE-2024-20779 (Medium), CVE-2024-20780 (Medium), CVE-2024-26046 (Medium)

  • Microsoft Released March 2024 Security Updates (09 Apr 2024)

    Microsoft has released security updates to address critical, high, and medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Fortinet Released Security Updates for Multiple Products (09 Apr 2024)

    Fortinet has released security updates to address vulnerabilities in FortiClientMac, FortiClient Linux, FortiOS & FortiProxy. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2023-45590 (Critical), CVE-2023-45588 (High), CVE-2024-31492 (High), CVE-2023-48784 (Medium), CVE-2023-41677 (High), CVE-2024-23662 (High)

  • Vulnerability in SUBNET Solutions Inc.'s Equipment (09 Apr 2024)

    A reliance on insufficiently trustworthy component vulnerability has been discovered in SUBNET Solutions Inc.'s Equipment - PowerSYSTEM Server & Substation Server 2021 that allows privilege escalation, Denial of Service (DoS) or arbitrary code execution. The affected versions are PowerSYSTEM Server 4.07.00 and prior and Substation Server 2021 4.07.00 and prior. Mitigation is available.
    CVE ID: CVE-2024-3313 (High)

  • Vulnerability in OpenSSL (08 Apr 2024)

    A vulnerability has been discovered in OpenSSL that can cause unbounded memory growth when processing TLSv1.3 sessions, leading to a Denial of Service (DoS) attack. The affected versions are OpenSSL 3.2, 3.1, 3.0 & 1.1.1. Security updates are available.
    CVE ID: CVE-2024-2511 (Low)

  • Google Released Security Updates for Chrome (05 Apr 2024)

    Google has released Dev channel 125.0.6396.3 for Windows, Mac and Linux.

  • Microsoft Edge Security Updates (04 Apr 2024)

    Microsoft has released the updated Microsoft Edge Stable Channel (Version 123.0.2420.81) and Extended Stable Channel (Version 122.0.2365.120).
    CVE ID: CVE-2024-29981 (Medium), CVE-2024-29049 (Medium)

  • Apache Security Updates (04 Apr 2024)

    Apache has released security updates to address HTTP response splitting and memory exhaustion vulnerabilities in Apache HTTP Server. The affected versions are Apache HTTP Server through 2.4.58.
    CVE ID: CVE-2023-38709 (Medium), CVE-2024-24795 (Low), CVE-2024-27316 (Medium)

  • Red Hat Security Updates (04 Apr 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Hitachi Energy's Equipment Asset Suite 9 (04 Apr 2024)

    An improper authentication vulnerability has been discovered in Hitachi Energy's Equipment - Asset Suite 9. The affected versions are Asset Suite prior to 9.6.3.13 and Asset Suite prior to 9.6.4.1. The mitigation is available.
    CVE ID: CVE-2024-2244 (Medium)

  • Vulnerability in Schweitzer Engineering Laboratories' Equipment SEL 700 Series Relays (04 Apr 2024)

    An inclusion of undocumented features vulnerability has been discovered in Schweitzer Engineering Laboratories' Equipment - SEL 700 series relays. The mitigations are available.
    CVE ID: CVE-2024-2103 (Medium)

  • Red Hat Security Updates (04 Apr 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (03 Apr 2024)

    Google has released Chrome Beta 124 (124.0.6367.26) for iOS, Chrome Beta 124 (124.0.6367.28) for Android, Beta channel 124.0.6367.29 for Windows, Mac & Linux and Beta channel ChromeOS version 15823.16.0 with Chrome Browser version 124.0.6367.24 for most ChromeOS devices.

  • Vulnerability in SiYuan (03 Apr 2024)

    A Server Side Cross Site Scripting (XSS) vulnerability has been discovered in SiYuan that allows execution of arbitrary commands on the server. The affected version is SiYuan version 3.0.3. 
    CVE ID: CVE-2024-2692 (Critical)

  • Mozilla Released Security Updates (02 Apr 2024)

    Mozilla has released security updates to address multiple vulnerabilities in Firefox for iOS 124. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-31393 (Medium), CVE-2024-31392 (Low)

  • Google Released Security Updates for Chrome (02 Apr 2024)

    Google has released Chrome 123 (123.0.6312.99) for Android, Extended Stable 122.0.6261.156 for Windows & Mac, Stable channel OS version: 15786.41.0 Browser version: 123.0.6312.94 for most ChromeOS devices and Stable channel 123.0.6312.105/.106/.107 for Windows & Mac, Stable channel 123.0.6312.105 for Linux to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-3156 (High), CVE-2024-3158 (High), CVE-2024-3159 (High)

  • VMware Security Updates (02 Apr 2024)

    VMware has released security updates to address multiple vulnerabilities in VMware SD-WAN. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-22246 (High), CVE-2024-22247 (Medium), CVE-2024-22248 (High)

  • Android Security Updates (01 Apr 2024)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-04-05 or later address all of these issues.
    CVE ID: CVE-2024-23710 (High), CVE-2024-23713 (High), CVE-2024-0022 (High), CVE-2024-23712 (High), CVE-2024-23704 (High), CVE-2023-21267 (High), CVE-2024-0026 (High), CVE-2024-0027 (High), CVE-2024-20039 (High), CVE-2024-20040 (High), CVE-2023-32890 (High), CVE-2024-0042 (High), CVE-2024-21468 (High), CVE-2024-21472 (High), CVE-2023-28582 (Critical), CVE-2023-28547 (High), CVE-2023-33023 (High), CVE-2023-33084 (High), CVE-2023-33086 (High), CVE-2023-33095 (High), CVE-2023-33096 (High), CVE-2023-33099 (High), CVE-2023-33100 (High), CVE-2023-33101 (High), CVE-2023-33103 (High), CVE-2023-33104 (High), CVE-2023-33115 (High), CVE-2024-21463 (High)

  • Vulnerability in Totolink (01 Apr 2024)

    An improper access control vulnerability has been discovered in Totolink. The affected version is Totolink N350RT 9.3.5u.6265. 
    CVE ID: CVE-2024-0570 (Critical)

  • Vulnerability in Totolink (01 Apr 2024)

    An information disclosure vulnerability has been discovered in Totolink. The affected version is Totolink T8 4.1.5cu.833_20220905. 
    CVE ID: CVE-2024-0569 (Critical)

  • Red Hat Security Updates (01 Apr 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in XZ Utils Data Compression Library (29 Mar 2024)

    It has been discovered that malicious code is embedded in XZ Utils versions 5.6.0 and 5.6.1 that may allow unauthorised access to affected systems.  XZ Utils is data compression software and may be present in Linux distributions. Fedora Linux 40 beta does contain these two affected versions of xz libraries.
    CVE ID: CVE-2024-3094 (Critical)

  • Google Released Security Updates for Chrome (28 Mar 2024)

    Google has released Dev channel ChromeOS version 15823.11.0 with Chrome Browser version 124.0.6367.18 for most ChromeOS devices, Dev channel 125.0.6382.3 for Windows, Mac & Linux, Chrome Dev 125 (125.0.6379.6) for Android, and Chrome Beta 124 (124.0.6367.18) for Android.

  • Multiple Vulnerabilities in Several Cisco Products (27 Mar 2024)

    Multiple vulnerabilities have been discovered in several Cisco products. Security updates are available.
    CVE ID: CVE-2024-20303 (High), CVE-2024-20311 (High), CVE-2024-20312 (High), CVE-2024-20313 (High), CVE-2024-20314 (High), CVE-2024-20276 (High), CVE-2024-20307 (High), CVE-2024-20308 (High), CVE-2024-20259 (High), CVE-2024-20265 (High), CVE-2024-20271 (High), CVE-2024-20324 (Medium), CVE-2024-20306 (Medium), CVE-2024-20278 (Medium), CVE-2024-20316 (Medium), CVE-2024-20333 (Medium), CVE-2024-20309 (Medium), CVE-2024-20354 (Medium)

  • Red Hat Security Updates (27 Mar 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (26 Mar 2024)

    Google has released Beta channel 123.0.6312.79 (Platform version: 15786.37.0) for most ChromeOS devices, LTS (Long Term Support) channel version 114.0.5735.358 (Platform Version: 15437.98.0) for most ChromeOS devices, Chrome 123 (123.0.6312.80) for Android, Extended Stable channel 122.0.6261.148 for Windows and Mac, Stable channel 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 for Linux.
    CVE ID: CVE-2024-1284 (High), CVE-2024-2883 (Critical), CVE-2024-2885 (High), CVE-2024-2886 (High), CVE-2024-2887 (High)

  • Multiple Vulnerabilities in AutomationDirect's Equipment (26 Mar 2024)

    Multiple vulnerabilities have been discovered in AutomationDirect's Equipment - C-MORE EA9 HMI that allow an attacker to exploit a remote device and inject malicious code on the panel. The mitigations are available.
    CVE ID: CVE-2024-25136 (High), CVE-2024-25137 (Medium), CVE-2024-25138 (Medium)

  • Multiple Vulnerabilities in Rockwell Automation's Equipment (26 Mar 2024)

    Multiple vulnerabilities have been discovered in Rockwell Automation's Equipment - PowerFlex 527 that can crash the device and require a manual restart to recover. The affected versions are PowerFlex 527 versions v2.001.x and later. The mitigations are available.
    CVE ID: CVE-2024-2425 (High), CVE-2024-2426 (High), CVE-2024-2427 (High)

  • Multiple Vulnerabilities in Rockwell Automation's Equipment (26 Mar 2024)

    Multiple vulnerabilities have been discovered in Rockwell Automation's Equipment - Arena Simulation Software that can crash the application or allow an attacker to run harmful code on the system. The affected version is Arena Simulation Software version 16.00. The mitigations are available.
    CVE ID: CVE-2024-21912 (High), CVE-2024-21913 (High), CVE-2024-2929 (High), CVE-2024-21918 (High), CVE-2024-21919 (High), CVE-2024-21920 (Medium)

  • Vulnerability in Rockwell Automation's Equipment (26 Mar 2024)

    A Cross-site Scripting vulnerability has been discovered in Rockwell Automation's Equipment - FactoryTalk View ME that can lead to the loss of view or control of the PanelView product. The affected versions are FactoryTalk View ME prior to v14. The mitigations are available.
    CVE ID: CVE-2024-21914 (Medium), CVE-2024-21914 (Medium)

  • Apple Security Updates (25 Mar 2024)

    Apple has released security updates to address multiple vulnerabilities in Safari 17.4.1, macOS Sonoma 14.4.1, and macOS Ventura 13.6.6. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2024-1580

  • Mozilla Released Security Updates (22 Mar 2024)

    Mozilla has released security updates to address vulnerabilities in Firefox ESR 115.9.1, and Firefox 124.0.1. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-29944 (Critical), CVE-2024-29943 (Critical)

  • Red Hat Security Updates (19 Mar 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • CVE - KB Correlation (19 Mar 2024)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during March 2024.

  • Google Released Security Updates for Chrome (15 Mar 2024)

    Google has released Dev channel 124.0.6356.6 for Windows, Mac and Linux.

  • Multiple Vulnerabilities in Mitsubishi Electric Products (14 Mar 2024)

    Multiple vulnerabilities have been discovered in MELSEC Series CPU modules and MELSEC-Q/L Series CPU modules of Mitsubishi Electric. The mitigations are available.
    CVE ID: CVE-2024-0802 (Critical), CVE-2024-0803 (Critical), CVE-2024-1915 (Critical), CVE-2024-1916 (Critical), CVE-2024-1917 (Critical), CVE-2023-1424 (Critical)

  • SonicWall Security Updates (13 Mar 2024)

    SonicWall has released security updates to address multiple vulnerabilities in SonicOS and SonicWall Email. 
    CVE ID: CVE-2024-22396 (Medium), CVE-2024-22397 (Medium), CVE-2024-22398 (Medium)

  • Google Released Security Updates for Chrome (13 Mar 2024)

    Google has released Stable channel 123.0.6132.46 for Windows & Mac, Beta channel 123.0.6312.46 for Windows, Mac & Linux, Chrome Beta 123 (123.0.6312.40) for Android and Beta channel 123.0.6312.36 (Platform version: 15786.22.0) for most ChromeOS devices.

  • Apple Security Updates (12 Mar 2024)

    Apple has released security updates to address a use-after-free vulnerability in GarageBand 10.4.11. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2024-23300

  • Adobe Released Security Updates (12 Mar 2024)

    Adobe has released security updates to address multiple critical, high, medium & low vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to take control of an affected system.

  • Vulnerability in Microsoft Azure Product (12 Mar 2024)

    An elevation of privilege vulnerability has been discovered in Microsoft Azure Kubernetes Service Confidential Container.
    CVE ID: CVE-2024-21400 (Critical)

  • Vulnerability in Microsoft Product Open Management Infrastructure (12 Mar 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Open Management Infrastructure (OMI).
    CVE ID: CVE-2024-21334 (Critical)

  • Vulnerability in Microsoft Message Queuing (MSMQ) (12 Mar 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Microsoft Message Queuing (MSMQ).
    CVE ID: CVE-2023-36911 (Critical)

  • Vulnerability in Microsoft Message Queuing (MSMQ) (12 Mar 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Microsoft Message Queuing (MSMQ).
    CVE ID: CVE-2023-36910 (Critical)

  • Vulnerability in Microsoft Message Queuing (MSMQ) (12 Mar 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Microsoft Message Queuing (MSMQ).
    CVE ID: CVE-2023-35385 (Critical)

  • Microsoft Released March 2024 Security Updates (12 Mar 2024)

    Microsoft has released security updates to address multiple critical, high & medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Fortinet Releases Security Updates for Multiple Products (12 Mar 2024)

    Fortinet has released security updates to address vulnerabilities in multiple Fortinet products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2023-47534 (High), CVE-2023-42789 (Critical), CVE-2023-42790 (Critical), CVE-2024-23112 (High), CVE-2023-36554 (High), CVE-2023-48788 (Critical)

  • Adobe Releases Security Updates for Multiple Products (12 Mar 2024)

    Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system. 

  • Google Released Security Updates for Chrome (12 Mar 2024)

    Google has released Chrome 122 (122.0.6261.119) for Android, Chrome Beta 123 (123.0.6312.38) for iOS and Stable channel updated to 122.0.6261.128/.129 for Windows & Mac and 122.0.6261.128 for Linux with security fixes to resolve a vulnerability.
    CVE ID: CVE-2024-2400 (High)

  • CISA Publishes SCuBA Hybrid Identity Solutions Guidance (12 Mar 2024)

    Cybersecurity and Infrastructure Security Agency (CISA) developed Hybrid Identity Solutions Guidance for better understanding identity management capabilities, the tradeoffs that exist in various implementation options, and factors that should be considered when making implementation decisions. This solution's guidance also supports the Secure Cloud Business Application (SCuBA) project’s goal of providing guidance to help agencies effectively implement cybersecurity capabilities as organisations migrate from traditional on-premises infrastructure to the cloud.

  • Multiple Vulnerabilities in Siemens Products (12 Mar 2024)

    Multiple critical, high, medium & low vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve vulnerabilities.

  • Microsoft Released March 2024 Security Updates (11 Mar 2024)

    Microsoft has released security updates to address critical, high, medium & low vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-21334 (Critical), CVE-2024-21400 (Critical)

  • Vulnerability in macOS Miro Desktop (07 Mar 2024)

    A code injection vulnerability has been discovered in macOS Miro Desktop. The affected version is Miro Desktop 0.8.18.
    CVE ID: CVE-2024-23746 (Critical)

  • Vulnerability in Microsoft Azure Kubernetes Service (07 Mar 2024)

    A Remote Code Execution vulnerability has been discovered in Microsoft Azure Kubernetes Service Confidential Container.
    CVE ID: CVE-2024-21376 (Critical)

  • Vulnerability in Microsoft Azure Site Recovery (07 Mar 2024)

    An Elevation of Privilege vulnerability has been discovered in Microsoft Azure Site Recovery.
    CVE ID: CVE-2024-21364 (Critical)

  • Vulnerability in Chirp Systems' Equipment (07 Mar 2024)

    A use of hard-coded credentials vulnerability has been discovered in Chirp Systems' Equipment - Chirp Access, which allows an attacker to take control and gain unrestricted physical access to systems. All versions of Chirp Access are affected.
    CVE ID: CVE-2024-2197 (Critical)

  • VMware Security Updates (07 Mar 2024)

    VMware has released security updates to address a partial information disclosure vulnerability in VMware Cloud Director. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2024-22256 (Medium)

  • Apple Security Updates (07 Mar 2024)

    Apple has released security updates to address multiple vulnerabilities in Safari 17.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4, watchOS 10.4, tvOS 17.4, and visionOS 1.1. An attacker can exploit these vulnerabilities to take control of an affected device.
    CVE ID: CVE-2024-23273, CVE-2024-23252, CVE-2024-23254, CVE-2024-23263, CVE-2024-23280, CVE-2024-23284, CVE-2024-23291, CVE-2024-23276, CVE-2024-23227, CVE-2024-23233, CVE-2024-23269, CVE-2024-23288, CVE-2024-23277, CVE-2024-23247, CVE-2024-23248, CVE-2024-23249, CVE-2024-23250, CVE-2024-23244, CVE-2024-23205, CVE-2022-48554, CVE-2022-48553, CVE-2024-23270, CVE-2024-23257, CVE-2024-23258, CVE-2024-23286, CVE-2024-23234, CVE-2024-23266, CVE-2024-23235, CVE-2024-23265, CVE-2024-23225, CVE-2024-23278, CVE-2024-0258, CVE-2024-23279, CVE-2024-23287, CVE-2024-23264, CVE-2024-23285, CVE-2024-23283, CVE-2024-23216, CVE-2024-23262, CVE-2024-23296, CVE-2024-23295, CVE-2024-23220, CVE-2024-23246, CVE-2024-23226

  • Vulnerability in GitHub (06 Mar 2024)

    A command injection vulnerability has been discovered in GitHub Enterprise Server. The affected versions are GitHub Enterprise Server prior to 3.12.
    CVE ID: CVE-2024-1374 (Critical)

  • Multiple Vulnerabilities in Several Cisco products (06 Mar 2024)

    Multiple vulnerabilities have been discovered in several Cisco products. Security updates are available.
    CVE ID: CVE-2024-20338 (High), CVE-2024-20337 (High), CVE-2024-20335 (Medium), CVE-2024-20336 (Medium), CVE-2024-20301 (Medium), CVE-2024-20292 (Medium), CVE-2024-20346 (Medium), CVE-2024-20345 (Medium)

  • Multiple Vulnerabilities in Jenkins (06 Mar 2024)

    Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
    CVE ID: CVE-2023-48795 (Medium), CVE-2024-28149 (High), CVE-2024-28150 (High), CVE-2024-28151 (Medium), CVE-2024-28152 (Medium), CVE-2024-28153 (High), CVE-2024-28154 (Medium), CVE-2024-28155 (Medium), CVE-2024-28161 (Medium), CVE-2024-28162 (Medium), CVE-2024-2215 (Medium), CVE-2024-2216 (Medium), CVE-2024-28156 (High), CVE-2024-28157 (High), CVE-2024-28158 (Medium), CVE-2024-28159 (Medium), CVE-2024-28160 (High)

  • Drupal Security Update (06 Mar 2024)

    Drupal has released security updates to address an access bypass vulnerability in Registration role, a third-party library used in it. The affected versions are Registration role prior to 2.0.1.

  • Google Released Security Updates for Chrome (06 Mar 2024)

    Google has released Chrome Beta 123 (123.0.6312.29) for Android, and Beta channel 123.0.6312.28 for Windows, Mac and Linux.

  • GitLab Security Updates (06 Mar 2024)

    GitLab has released updated versions 16.9.2, 16.8.4, and 16.7.7 for GitLab Community Edition and Enterprise Edition.

  • Red Hat Security Updates (06 Mar 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Moxa Security Update (06 Mar 2024)

    Moxa has released a security update to address a stack-based buffer overflow vulnerability in the built-in web server of Moxa NPort W2150A/W2250A Series firmware. The affected versions are Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior.
    CVE ID: CVE-2024-1220 (High)

  • Vulnerability in JetBrains (05 Mar 2024)

    An authentication bypass vulnerability has been discovered in JetBrains TeamCity. The affected version is JetBrains TeamCity before 2023.11.4.
    CVE ID: CVE-2024-27198 (Critical)

  • Juniper Networks Security Updates (05 Mar 2024)

    Juniper Networks has released security updates to address an improper handling of exceptional conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved. All versions of Junos OS and Junos OS Evolved are affected.
    CVE ID: CVE-2023-44186 (High)

  • Apple Security Updates (05 Mar 2024)

    Apple has released security updates to address multiple vulnerabilities in iOS 17.4, iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An attacker can exploit these vulnerabilities to take control of an affected device.
    CVE ID: CVE-2024-23243, CVE-2024-23225, CVE-2024-23296, CVE-2024-23256

  • Google Released Security Updates for Chrome (05 Mar 2024)

    Google has released Stable channel 122.0.6045.214 (Platform version: 15753.38.0) for most ChromeOS devices, LTS channel 114.0.5735.355 (Platform Version: 15437.95.0) for most ChromeOS devices, Chrome 122 (122.0.6261.105) for Android, Stable channel 122.0.6261.111/.112 for Windows & Mac and 122.0.6261.111 for Linux to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-0225 (High), CVE-2024-1059 (High), CVE-2024-2173 (High), CVE-2024-2174 (High), CVE-2024-2176 (High)

  • Vulnerability in GitHub (05 Mar 2024)

    A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
    CVE ID: CVE-2024-1372 (Critical)

  • Vulnerability in GitHub (05 Mar 2024)

    A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
    CVE ID: CVE-2024-1369 (Critical)

  • Vulnerability in GitHub (05 Mar 2024)

    A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
    CVE ID: CVE-2024-1359 (Critical)

  • Vulnerability in GitHub (05 Mar 2024)

    A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
    CVE ID: CVE-2024-1355 (Critical)

  • Multiple Vulnerabilities in Nice's Equipment (05 Mar 2024)

    Multiple vulnerabilities have been discovered in Nice's Equipment - Linear eMerge E3-Series. The affected versions are Linear eMerge E3-Series 1.00-06 and prior. The mitigations are available.
    CVE ID: CVE-2019-7253 (Critical), CVE-2019-7254 (High), CVE-2019-7255 (Medium), CVE-2019-7256 (Critical), CVE-2019-7257 (Critical), CVE-2019-7258 (High), CVE-2019-7259 (High), CVE-2019-7260 (Critical), CVE-2019-7261 (Critical), CVE-2019-7265 (Critical), CVE-2019-7262 (High), CVE-2019-7264 (Critical)

  • Vulnerability in Santesoft's Equipment (05 Mar 2024)

    An out-of-bounds write vulnerability has been discovered in Santesoft's Equipment - Sante FFT Imaging. The affected versions are Sante FFT Imaging: 1.4.1 and prior. The mitigations are available.
    CVE ID: CVE-2024-1696 (High)

  • Vulnerability in Integration Objects's Equipment (05 Mar 2024)

    An Improper Output Neutralization for Logs vulnerability has been discovered in Integration Objects's Equipment - OPC UA Server Toolkit. The affected versions are OPC UA Server Toolkit: 1.0.0 and prior. The mitigations are available.
    CVE ID: CVE-2023-7234 (Medium)

  • Red Hat Security Updates (05 Mar 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Android Security Updates (04 Mar 2024)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-03-05 or later address all of these issues.

  • Mozilla Released Security Update (04 Mar 2024)

    Mozilla has released a security update to address a vulnerability in Thunderbird 115.8.1. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2024-1936 (High)

  • Google Released Security Update for Chrome (04 Mar 2024)

    Google has released Dev channel 124.0.6329.0 for Windows, Mac & Linux.

  • Vulnerability in Supabase PostgreSQL (04 Mar 2024)

    A SQL injection vulnerability has been discovered in Supabase PostgreSQL. The affected version is Supabase PostgreSQL v15.1.
    CVE ID: CVE-2024-24213 (Critical)

  • Red Hat Security Updates (01 Mar 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • RevoWorks Security Updates (29 Feb 2024)

    RevoWorks has released security updates to address a protection mechanism failure vulnerability in RevoWorks SCVX and RevoWorks Browser. The affected versions are RevoWorks SCVX prior to scvimage4.10.21_1013, and RevoWorks Browser prior to 2.2.95.
    CVE ID: CVE-2024-25091 (Low) 

  • Vulnerability in Delta Electronics' Equipment (29 Feb 2024)

    A stack-based buffer overflow vulnerability has been discovered in Delta Electronics' Equipment - CNCSoft-B that allows executing arbitrary code. The affected versions are CNCSoft-B 1.0.0.4 and prior.
    CVE ID: CVE-2024-1941 (High)

  • Multiple Vulnerabilities in MicroDicom's Equipment (29 Feb 2024)

    Heap-based buffer overflow and out-of-bounds write vulnerabilities have been discovered in MicroDicom's Equipment - DICOM Viewer that can cause memory corruption issues leading to execution of arbitrary code. The affected versions are MicroDicom DICOM Viewer 2023.3 (Build 9342) and prior. The mitigations are available.
    CVE ID: CVE-2024-22100 (High), CVE-2024-25578 (High)

  • Phobos Ransomware (29 Feb 2023)

    It has been observed that Phobos ransomware actors are using Tactics, Techniques and Procedures (TTPs) for bypassing organizational network defense protocols by modifying system firewall configurations. Phobos actors typically gain initial access to vulnerable networks by leveraging phishing campaigns to drop hidden payloads or using Internet Protocol (IP) scanning tools. After the exfiltration phase, Phobos actors then hunt for backups. Cybersecurity and Infrastructure Security Agency (CISA) has released a joint cybersecurity advisory to disseminate IOCs, mitigations for protecting systems and TTPs associated with Phobos ransomware.

  • Google Released Security Updates for Chrome (29 Feb 2024)

    Google has released Dev channel 123.0.6312.18 Platform version 15786.10.0 for most ChromeOS devices, Chrome Dev 124 (124.0.6328.0) for Android, Beta channel 123.0.6312.22 for Windows, Mac and Linux, and Chrome Beta 123 (123.0.6312.20) for Android.

  • Advisory on Threat Actors Exploiting Ivanti Connect Secure and Policy Secure Gateways Vulnerabilities (29 Feb 2024)

    It has been observed that cyber threat actors are actively exploiting multiple previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. The vulnerabilities affect all supported versions (9.x and 22.x) and can be used in a chain of exploits to enable malicious cyber threat actors to bypass authentication, create malicious requests, and execute arbitrary commands with elevated privileges. Cybersecurity and Infrastructure Security Agency (CISA) has released a cybersecurity advisory to disseminate IOCs, mitigations & detection methods to protect affected systems and TTPs associated with threat actors.
    CVE ID: CVE-2023-46805 (High), CVE-2024-21887 (Critical), CVE-2024-21893 (High)

  • Vulnerability in Tongda OA (28 Feb 2024)

    A SQL injection vulnerability has been discovered in Tongda OA 2017. The affected versions are Tongda OA 2017 up to 11.10.
    CVE ID: CVE-2024-1251 (Critical)

  • Vulnerability in openBI (28 Feb 2024)

    An OS command injection vulnerability has been discovered in openBI. The affected versions are openBI up to 1.0.8.
    CVE ID: CVE-2024-1115 (Critical)

  • Vulnerability in Wanhu ezOFFICE (28 Feb 2024)

    A SQL injection vulnerability has been discovered in Wanhu ezOFFICE. The affected version is Wanhu ezOFFICE 11.1.0.
    CVE ID: CVE-2024-1012 (Critical)

  • Vulnerability in Tenda i9 (28 Feb 2024)

    A stack based buffer overflow vulnerability has been discovered in Tenda i9. The affected version is Tenda i9 1.0.0.9(4122).
    CVE ID: CVE-2024-0996 (Critical)

  • Vulnerability in Tenda W6 (28 Feb 2024)

    A stack based buffer overflow vulnerability has been discovered in Tenda W6. The affected version is Tenda W6 1.0.0.9(4122).
    CVE ID: CVE-2024-0995 (Critical)

  • Vulnerability in Sichuan Yougou Technology KuERP (28 Feb 2024)

    A path traversal vulnerability has been discovered in Sichuan Yougou Technology KuERP. The affected versions are Sichuan Yougou Technology KuERP up to 1.0.4.
    CVE ID: CVE-2024-0989 (Critical)

  • Vulnerability in Tenda (28 Feb 2024)

    A stack based buffer overflow vulnerability has been discovered in Tenda AC10U. The affected version is Tenda AC10U 15.03.06.49_multi_TDE01.
    CVE ID: CVE-2024-0931 (Critical)

  • Cisco Released Security Updates for Multiple Products (28 Feb 2024)

    Cisco has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-20321 (High), CVE-2024-20267 (High), CVE-2024-20344 (Medium), CVE-2024-20291 (Medium), CVE-2024-20294 (Medium)

  • Drupal Security Updates (28 Feb 2024)

    Drupal has released security updates to address multiple vulnerabilities in 3rd party plugins such as Drupal Symfony Mailer Lite, Node Access Rebuild Progressive, Private content, and Coffee modules.

  • Google Released Security Updates for Chrome (28 Feb 2024)

    Google has released Chrome 122 (122.0.6261.90) for Android, Stable channel OS version: 15699.72.0 Browser version: 121.0.6167.212 for most ChromeOS devices, and Chrome Beta 123 (123.0.6312.17) for iOS.

  • VMware Security Updates (27 Feb 2024)

    VMware has released security updates to address an out-of-bounds read vulnerability in VMware Workstation and Fusion. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2024-22251 (Medium)

  • Vulnerability in Mitsubishi Electric MELSEC iQ-F Series (27 Feb 2024)

    A Denial of Service (DoS) vulnerability has been discovered in the Ethernet function of multiple FA products of Mitsubishi Electric. The affected products are MELSEC iQ-F Series. The mitigation is available.
    CVE ID: CVE-2023-7033 (Medium)

  • Vulnerability in Hitachi Energy (27 Feb 2024)

    An OpenSSH Terrapin Attack vulnerability has been discovered in Hitachi Energy Lumada products. The affected products are Lumada EAM, Lumada APM, Lumada RM & Lumada AIP. The mitigation is available.
    CVE ID: CVE-2023-48795 (Medium)

  • Moxa Security Updates (26 Feb 2024)

    Moxa has released security updates to resolve an IP forwarding vulnerability in Moxa EDS-4000/G4000 Series that can bypass access controls or hide the source of malicious requests. The affected versions are EDS-4000/G4000 Series prior to version 3.2.
    CVE ID: CVE-2024-0387 (Medium)

  • Red Hat Security Updates (26 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (23 Feb 2024)

    Google has released Dev channel 124.0.6315.2 for Windows, Mac and Linux.

  • SonicWall Security Updates (23 Feb 2024)

    SonicWall has released security updates to address an improper access control vulnerability in SMA100 SSL-VPN virtual office portal. The affected versions are SMA 100 Series 10.2.1.10-62sv and earlier versions.
    CVE ID: CVE-2024-22395 (Medium)

  • Vulnerability in Delta Electronics' Equipment (22 Feb 2024)

    An uncontrolled search path element vulnerability has been discovered in Delta Electronics' Equipment - CNCSoft-B DOPSoft that allows Remote Code Execution (RCE). The affected versions are CNCSoft-B v1.0.0.4 DOPSoft prior to v4.0.0.82.
    CVE ID: CVE-2024-1595 (High)

  • Vulnerability in ConnectWise ScreenConnect (22 Feb 2024)

    An authentication bypass vulnerability has been discovered in ConnectWise ScreenConnect that allows access to confidential information or critical systems. The affected versions are ConnectWise ScreenConnect 23.9.7 and prior.
    CVE ID: CVE-2024-1709 (Critical)

  • Google Released Security Updates for Chrome (22 Feb 2024)

    Google has released Chrome Dev 124 (124.0.6315.0) for Android and Stable channel 122.0.6261.69 for Mac & Linux and 122.0.6261.69/.70 for Windows.

  • Red Hat Security Updates (22 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • GitLab Security Updates (21 Feb 2024)

    GitLab has released updated versions 16.9.1, 16.8.3, and 16.7.6 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-1451 (High), CVE-2023-6477 (Medium), CVE-2023-6736 (Medium), CVE-2024-1525 (Medium), CVE-2023-4895 (Medium), CVE-2024-0861 (Medium), CVE-2023-3509 (Low), CVE-2024-0410 (Low)

  • Juniper Released Security Updates (21 Feb 2024)

    Juniper has released security updates to address a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in telemetry processing of Juniper Networks Junos OS. An attacker can exploit this vulnerability to take control of an affected system. The affected products are Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S9, 21.1 versions 21.1R1 and later, 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5, 21.4 versions prior to 21.4R3-S5, 22.1 versions prior to 22.1R3-S4, 22.2 versions prior to 22.2R3-S2, 22.3 versions prior to 22.3R2-S1, 22.3R3-S1, 22.4 versions prior to 22.4R2-S2, 22.4R3 and 23.1 versions prior to 23.1R2.
    CVE ID: CVE-2023-44188 (Medium)

  • Cisco Released Security Updates for Cisco Unified Intelligence Center (21 Feb 2024)

    Cisco has released security updates to address an insufficient access control vulnerability in Cisco Unified Intelligence Center that allows an attacker to read and modify data in a repository that belongs to an internal service on an affected device.
    CVE ID: CVE-2024-20325 (Medium)

  • Google Released Security Updates for Chrome (21 Feb 2024)

    Google has released Chrome Beta 123 (123.0.6312.3) for Android, Chrome 123.0.6312.4 Beta channel for Windows, Mac and Linux, Chrome Beta 123 (123.0.6312.2) for iOS and LTC channel version 120.0.6099.294 (Platform Version: 15662.94.0) for most ChromeOS devices to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-1283 (High), CVE-2024-1284 (High)

  • Vulnerability in libgit2 (21 Feb 2024)

    A heap corruption vulnerability has been discovered in libgit2 that can be leveraged for arbitrary code execution. The vulnerability has been patched in version 1.6.5 and 1.7.2.
    CVE ID: CVE-2024-24577 (Critical)

  • Vulnerability in MyQ Print Server (21 Feb 2024)

    An arbitrary code execution vulnerability has been discovered in MyQ Print Server. The affected versions are MyQ Print Server before 8.2 patch 43.
    CVE ID: CVE-2024-22076 (Critical)

  • Cyber Actions for Securing Water Systems (21 Feb 2024)

    CISA has released top cyber actions for securing Water and Wastewater Systems Sector entities, which run Operational Technology (OT) and Information Technology (IT) systems to reduce cyber risk and improve resilience to cyberattacks.

  • Vulnerability in Biosig Project (20 Feb 2024)

    A double-free vulnerability has been discovered in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
    CVE ID: CVE-2024-23809 (Critical)

  • Vulnerability in Biosig Project (20 Feb 2024)

    An out-of-bounds write vulnerability has been discovered in the sopen_FAMOS_read functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
    CVE ID: CVE-2024-23606 (Critical)

  • Vulnerability in Biosig Project (20 Feb 2024)

    A use-after-free vulnerability has been discovered in the sopen_FAMOS_read functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
    CVE ID: CVE-2024-23310 (Critical)

  • Mozilla Released Security Updates (20 Feb 2024)

    Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 115.8, Firefox ESR 115.8, and Firefox 123. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-1546 (High), CVE-2024-1547 (High), CVE-2024-1548 (Medium), CVE-2024-1549 (Medium), CVE-2024-1550 (Medium), CVE-2024-1551 (Medium), CVE-2024-1552 (Low), CVE-2024-1553 (High), CVE-2024-1554 (Medium), CVE-2024-1555 (Medium), CVE-2024-1556 (Low), CVE-2024-1557 (High)

  • Google Released Security Updates for Chrome (20 Feb 2024)

    Google has released Chrome 122 (122.0.6261.64) for Android, Beta channel 122.0.6261.57 for Windows, Mac and Linux, Chrome Beta 122 (122.0.6261.64) for Android, Chrome Stable 122 (122.0.6261.62) for iOS, and Chrome 122.0.6261.57 for Linux and Mac, 122.0.6261.57/.58 for Windows to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-1669 (High), CVE-2024-1670 (High), CVE-2024-1671 (Medium), CVE-2024-1672 (Medium), CVE-2024-1673 (Medium), CVE-2024-1674 (Medium), CVE-2024-1675 (Medium), CVE-2024-1676 (Low)

  • Joomla Security Update (20 Feb 2024)

    Joomla has released security updates to resolve multiple vulnerabilities in Joomla CMS.
    CVE ID: CVE-2023-21726 (Medium), CVE-2023-21725 (High), CVE-2023-21724 (Medium), CVE-2023-21723 (Low), CVE-2023-21722 (Low)

  • Multiple Vulnerabilities in Commend's Equipment (20 Feb 2024)

    Multiple vulnerabilities have been discovered in Commend's Equipment - WS203VICM that allow an attacker to obtain sensitive information or force the system to restart. The affected versions are WS203VICM 1.7 and prior. The mitigation is available.
    CVE ID: CVE-2024-22182 (High), CVE-2024-21767 (Critical), CVE-2024-23492 (Medium)

  • Multiple Vulnerabilities in CISA's Equipment (20 Feb 2024)

    Multiple vulnerabilities have been discovered in CISA's Equipment - Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek that allow Remote Code Execution (RCE). The affected versions are Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior. The mitigations are available.
    CVE ID: CVE-2023-7244 (Critical), CVE-2023-7243 (Critical), CVE-2023-7242 (High)

  • VMware Security Updates (20 Feb 2024)

    VMware has released security updates to address multiple vulnerabilities in VMware Enhanced Authentication Plug-in (EAP), VMware Aria Operations and VMware Cloud Foundation. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-22245 (Critical), CVE-2024-22250 (High), CVE-2024-22235 (Medium)

  • Vulnerability in ELECOM Wireless LAN Routers (20 Feb 2024)

    An OS command injection vulnerability has been discovered in ELECOM wireless LAN routers. The affected versions are WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.
    CVE ID: CVE-2024-25579 (Medium)

  • Multiple Vulnerabilities in ELECOM Wireless LAN Routers (20 Feb 2024)

    Multiple vulnerabilities have been discovered in ELECOM wireless LAN routers. The affected versions are WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.
    CVE ID: CVE-2024-21798 (Medium), CVE-2024-23910 (Medium)

  • Red Hat Security Updates (20 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Mitsubishi Electric (20 Feb 2024)

    A Remote Code Execution (RCE) vulnerability due to Microsoft Message Queuing service on Microsoft Windows exists in Electrical discharge machines of Mitsubishi Electric. The mitigation is available.
    CVE ID: CVE-2023-21554 (Critical)

  • Vulnerability in Torrentpier (19 Feb 2024)

    An arbitrary command execution vulnerability has been discovered due to insecure deserialization in Torrentpier. The affected version is Torrentpier 2.4.1.
    CVE ID: CVE-2024-1651 (Critical) 

  • Vulnerability in Loomio (19 Feb 2024)

    An OS command injection vulnerability has been discovered in Loomio that allows executing arbitrary commands on the server. The affected version is Loomio 2.22.0.
    CVE ID: CVE-2024-1297 (Critical) 

  • Red Hat Security Updates (19 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Rockwell Automation FactoryTalk® Service Platform (16 Feb 2024)

    A privilege escalation vulnerability has been discovered in Rockwell Automation FactoryTalk® Service Platform (FTSP). The affected products are FactoryTalk® Service Platform software version prior to v2.74. Security updates are available.
    CVE ID: CVE-2024-21915 (Critical)

  • Google Released Security Updates for Chrome (16 Feb 2024)

    Google has updated the Stable channel to OS version 15699.66.0 Browser version 121.0.6167.188 for most ChromeOS devices and LTS channel to 114.0.5735.351 Platform Version: 15437.91.0 to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-0807 (High), CVE-2024-0808 (High), CVE-2023-51042 (High), CVE-2023-6931 (High), CVE-2023-6817 (High), CVE-2023-46813 (High), CVE-2023-6932 (High)

  • Multiple Vulnerabilities in Several IBM Products (16 Feb 2024)

    Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.

  • Multiple Vulnerabilities in Several NetApp Products (16 Feb 2024)

    Multiple vulnerabilities have been discovered in several NetApp products. 

  • SUSE Security Updates (16 Feb 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Oracle Released January 2024 Critical Patch Update (16 Feb 2024)

    Oracle has released its critical patch update for January 2024 to address 389 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.

  • SolarWinds Security Update for Access Rights Manager (15 Feb 2024)

    SolarWinds has released a security update to address multiple vulnerabilities in Access Rights Manager. The affected versions are SolarWinds Access Rights Manager (ARM) 2023.2.2 and prior versions.
    CVE ID: CVE-2023-40057 (Critical), CVE-2024-23476 (Critical), CVE-2024-23477 (High), CVE-2024-23478 (High), CVE-2024-23479 (Critical)

  • Red Hat Security Updates (15 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (14 Feb 2024)

    Google has released Chrome 122 (122.0.6261.43) for Android, Chrome Beta 122 (122.0.6261.47) for iOS, Chrome Stable 122 (122.0.6261.48) for iOS, Stable channel 122.0.6261.39 for Windows & 122.0.6261.49 for Mac, Beta channel 122.0.6261.39 for Windows, Mac & Linux, and Chrome Beta 122 (122.0.6261.43) for Android.

  • Palo Alto Networks Released Security Updates (14 Feb 2024)

    Palo Alto Networks has released security updates to resolve multiple vulnerabilities in the Palo Alto Networks PAN-OS.
    CVE ID: CVE-2024-0007 (Medium), CVE-2024-0008 (Medium), CVE-2024-0009 (Medium), CVE-2024-0010 (Medium), CVE-2024-0011 (Medium)

  • Vulnerability in HGiga OAKlouds (14 Feb 2024)

    It has been discovered that the functionality for file download in HGiga OAKlouds contains an arbitrary file read and delete vulnerability.
    CVE ID: CVE-2024-26261 (Critical)

  • Vulnerability in HGiga OAKlouds (14 Feb 2024)

    It has been discovered that the functionality for synchronization in HGiga OAKlouds has an OS command injection vulnerability that allows injection of system commands within specific request parameters.
    CVE ID: CVE-2024-26260 (Critical)

  • Vulnerability in SonicWall (14 Feb 2024)

    An improper authentication vulnerability has been discovered in SonicWall SonicOS SSL-VPN feature. The affected version is SonicOS 7.1.1-7040. 
    CVE ID: CVE-2024-22394 (Critical)

  • Vulnerability in Axigen WebMail (14 Feb 2024)

    A Cross Site Scripting (XSS) vulnerability has been discovered in Axigen WebMail that allows privilege escalation. The affected versions are Axigen WebMail v.10.5.7 and before.
    CVE ID: CVE-2023-48974 (Critical)

  • Vulnerability in SQLAlchemyDA (14 Feb 2024)

    A vulnerability has been discovered in SQLAlchemyDA that allows unauthenticated execution of arbitrary SQL statements on the database. The affected products are SQLAlchemyDA versions prior to 2.2.
    CVE ID: CVE-2024-24811 (Critical)

  • Vulnerability in Juanpao JPShop (14 Feb 2024)

    An unrestricted upload vulnerability has been discovered in Juanpao JPShop. The affected versions are Juanpao JPShop up to 1.5.02.
    CVE ID: CVE-2024-1264 (Critical)

  • Vulnerability in Tenda AC9 (14 Feb 2024)

    A buffer overflow vulnerability has been discovered in Tenda AC9. The affected version is Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi.
    CVE ID: CVE-2024-24543 (Critical)

  • Drupal Security Update (14 Feb 2024)

    Drupal has released security updates to address the Cross Site Scripting (XSS) vulnerability in CKEditor 4 LTS - WYSIWYG HTML editor, a third-party library used in it. The affected versions are CKEditor 4 LTS - WYSIWYG HTML editor 1.0.0 and below 1.0.1.
    CVE ID: CVE-2024-24815

  • CVE - KB Correlation (14 Feb 2024)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during February 2024.

  • Security Updates for Multiple Vulnerabilities in Siemens Products (13 Feb 2024)

    Siemens has released Security Updates to address multiple vulnerabilities in its products. These updates as per OEM recommendations may be implemented.

  • Schneider Electric Security Updates (13 Feb 2024)

    Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2023-6409 (High), CVE-2023-27975 (High), CVE-2024-0568 (High), CVE-2024-0865 (High), CVE-2018-7846 (Medium), CVE-2018-7849 (High), CVE-2018-7843 (High), CVE-2018-7848 (Medium), CVE-2018-7842 (High), CVE-2018-7847 (Critical), CVE-2018-7850 (High), CVE-2018-7845 (High), CVE-2018-7852 (High), CVE-2018-7853 (High), CVE-2018-7854 (High), CVE-2018-7855 (High), CVE-2018-7856 (High), CVE-2018-7857 (High), CVE-2019-6806 (High), CVE-2019-6807 (High), CVE-2019-6808 (Critical), CVE-2018-7844 (High), CVE-2019-6830 (Medium), CVE-2019-6828 (High), CVE-2019-6829 (High), CVE-2019-6809 (High)

  • Vulnerability in Mitsubishi Electric (13 Feb 2024)

    An information disclosure vulnerability has been discovered in Mitsubishi Electric's MELSEC iQ-R Series Safety CPU and SIL2 Process CPU module. All versions of MELSEC iQ-R Series Safety CPU and MELSEC iQ-R Series SIL2 Process CPU are affected. The mitigation is available.
    CVE ID: CVE-2023-6815 (Medium)

  • Adobe Released Security Updates (13 Feb 2024)

    Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-20738 (Critical), CVE-2024-20739 (High), CVE-2024-20750 (High), CVE-2024-20719 (Critical), CVE-2024-20720 (Critical)

  • Microsoft Released February 2024 Security Updates (13 Feb 2024)

    Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-21364 (Critical), CVE-2024-21376 (Critical), CVE-2024-21401 (Critical), CVE-2024-21403 (Critical), CVE-2024-21410 (Critical), CVE-2024-21413 (Critical)

  • Multiple Vulnerabilities in Siemens Products (13 Feb 2024)

    Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve vulnerabilities.
    CVE ID: CVE-2023-38199 (Critical), CVE-2023-29405 (Critical), CVE-2023-29404 (Critical), CVE-2023-29402 (Critical), CVE-2023-45871 (Critical), CVE-2023-45614 (Critical), CVE-2023-45615 (Critical), CVE-2023-45616 (Critical), CVE-2023-44373 (Critical), CVE-2024-23816 (Critical), CVE-2023-45871 (Critical), CVE-2023-45853 (Critical)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-50868 (High)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-50387 (High)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-6516 (High)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-5680 (Medium)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-5679 (High)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-5517 (High)

  • ISC Released Security Updates for BIND 9 (13 Feb 2024)

    ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
    CVE ID: CVE-2023-4408 (High)

  • Google Released Security Updates for Chrome (13 Feb 2024)

    Google has released Chrome 121 (121.0.6167.178) for Android, Extended Stable channel 120.0.6099.291 for Windows & Mac, Stable channel 121.0.6167.184 for Mac & Linux and 121.0.6167.184/185 for Windows.

  • Vulnerability in Malwarebytes Binisoft Windows Firewall Control (12 Feb 2024)

    An arbitrary code execution vulnerability has been discovered in Malwarebytes Binisoft Windows Firewall Control. The affected versions are Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2.
    CVE ID: CVE-2024-25089 (Critical)

  • Vulnerability in Novel-Plus (09 Feb 2024)

    A SQL injection vulnerability has been discovered in Novel-Plus. The affected versions are Novel-Plus v4.3.0-RC1 and prior.
    CVE ID: CVE-2024-24021 (Critical)

  • Vulnerability in Novel-Plus (09 Feb 2024)

    A SQL injection vulnerability has been discovered in Novel-Plus. The affected versions are Novel-Plus v4.3.0-RC1 and prior.
    CVE ID: CVE-2024-24017 (Critical)

  • Vulnerability in jshERP (09 Feb 2024)

    A SQL injection vulnerability has been discovered in jshERP. The affected version is jshERP v3.3.
    CVE ID: CVE-2024-24003 (Critical)

  • Vulnerability in Jsish (09 Feb 2024)

    A use after free vulnerability has been discovered in Jsish. The affected version is Jsish v3.5.0.
    CVE ID: CVE-2024-24189 (Critical)

  • Vulnerability in Jsish (09 Feb 2024)

    A heap buffer overflow vulnerability has been discovered in Jsish. The affected version is Jsish v3.5.0.
    CVE ID: CVE-2024-24188 (Critical)

  • Vulnerability in Johnson Controls (08 Feb 2024)

    A vulnerability has been discovered in Johnson Controls impacting IQ Panel 4 and IQ4 Hub, which allows unauthorized access to settings. All versions of IQ Panel 4 prior to 4.4.2 and all versions of IQ4 Hub prior to 4.4.2 are affected. The mitigations are available.
    CVE ID: CVE-2024-0242

  • Microsoft Edge Security Updates (08 Feb 2024)

    Microsoft has released updated Microsoft Edge Stable Channel Version 121.0.2277.112 and Microsoft Edge Extended Stable Channel Version 120.0.2210.175. 

  • Vulnerability in FortiOS (08 Feb 2024)

    An out-of-bounds write vulnerability has been discovered in FortiOS that can allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests. The updates are available.
    CVE ID: CVE-2024-21762 (Critical)

  • Vulnerability in FortiOS (08 Feb 2024)

    A use of externally-controlled format string vulnerability has been discovered in FortiOS fgfmd daemon that can allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The updates are available.
    CVE ID: CVE-2024-23113 (Critical)

  • Red Hat Security Updates (08 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Vulnerability in Fortinet FortiSIEM (07 Feb 2024)

    An OS command injection vulnerability has been discovered in Fortinet FortiSIEM. The affected versions are Fortinet FortiSIEM version 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2.
    CVE ID: CVE-2024-23109 (Critical)

  • Vulnerability in Fortinet FortiSIEM (07 Feb 2024)

    An OS command injection vulnerability has been discovered in Fortinet FortiSIEM. The affected versions are Fortinet FortiSIEM version 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2.
    CVE ID: CVE-2024-23108 (Critical)

  • Vulnerability in Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin (07 Feb 2024)

    A SQL injection vulnerability has been discovered in Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin. The affected versions are Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin versions up to, and including, 3.7.1.
    CVE ID: CVE-2024-0685 (Critical)

  • Vulnerability in Vinchin Backup & Recovery (07 Feb 2024)

    A vulnerability has been discovered in Vinchin Backup & Recovery that allows it to be configured with default root credentials. The affected version is Vinchin Backup & Recovery v7.2.
    CVE ID: CVE-2024-22902 (Critical)

  • Vulnerability in Vinchin Backup & Recovery (07 Feb 2024)

    A vulnerability has been discovered in Vinchin Backup & Recovery due to the use of default MySQL credentials. The affected version is Vinchin Backup & Recovery v7.2.
    CVE ID: CVE-2024-22901 (Critical)

  • Vulnerability in Rockwell Automation (07 Feb 2024)

    A vulnerability has been discovered in Rockwell Automation FactoryTalk® Service Platform that allows the service token to be obtained and used for authentication on another FTSP directory.
    CVE ID: CVE-2024-21917 (Critical)

  • Cisco Released Security Updates for Cisco Expressway Series (07 Feb 2024)

    Cisco has released security updates to address multiple Cross Site Request Forgery (CSRF) vulnerabilities in Cisco Expressway Series. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-20252 (Critical), CVE-2024-20254 (Critical), CVE-2024-20255 (High)

  • Google Released Security Updates for Chrome (07 Feb 2024)

    Google has released Chrome Beta 122 (122.0.6261.27) for Android, Chrome Stable 121 (121.0.6167.171) for iOS, Beta channel 122.0.6261.29 for Windows, Mac & Linux, LTC-120 version 120.0.6099.272 (Platform Version: 15662.88.0) for most ChromeOS devices, Chrome Beta 122 (122.0.6261.26) for iOS and Stable channel OS version 15699.58.0 Browser version 121.0.6167.159 for most ChromeOS devices to resolve multiple vulnerabilities.
    CVE ID: CVE-2024-1280 (Medium), CVE-2024-1281 (Medium), CVE-2024-25556 (Medium), CVE-2024-25557 (Medium), CVE-2024-25558 (Medium), CVE-2023-6817 (Medium), CVE-2023-6932 (Medium), CVE-2024-0806 (Medium), CVE-2024-0807 (High), CVE-2024-0808 (High), CVE-2024-0813 (Medium), CVE-2024-0814 (Medium), CVE-2024-0809 (Low), CVE-2024-0811 (Low)

  • Cisco Released Security Updates for ClamAV OLE2 File Format Parser (07 Feb 2024)

    Cisco has released security updates to address a Denial of Service (DoS) vulnerability in ClamAV OLE2 File Format Parser.
    CVE ID: CVE-2024-20290 (High)

  • GitLab Security Updates (07 Feb 2024)

    GitLab has released updated versions 16.8.2, 16.7.5, and 16.6.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
    CVE ID: CVE-2024-1250 (Medium), CVE-2023-6840 (Medium), CVE-2023-6386 (Medium), CVE-2024-1066 (Medium)

  • Red Hat Security Updates (07 Feb 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • JetBrains Released Security Update for TeamCity On-Premises (06 Feb 2024)

    JetBrains has released a security update for TeamCity On-Premises to address a vulnerability that allows an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server. All versions of TeamCity On-Premises from 2017.1 through 2023.11.2 are affected.
    CVE ID: CVE-2024-23917 (Critical)

  • Vulnerability in IBM Operational Decision Manager (06 Feb 2024)

    A remote code execution vulnerability has been discovered in IBM Operational Decision Manager. The affected versions are IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1.
    CVE ID: CVE-2024-22319 (Critical)

  • Vulnerability in Notion Web Clipper (06 Feb 2024)

    An arbitrary command execution vulnerability has been discovered in Notion Web Clipper. The affected version is Notion Web Clipper 1.0.3(7).
    CVE ID: CVE-2024-23745 (Critical)

  • Vulnerability in HID Global's Equipment (06 Feb 2024)

    An improper authorization vulnerability has been discovered in HID Global's Equipment- iCLASS SE, OMNIKEY. All versions of iCLASS SE CP1000 Encoder, iCLASS SE Readers, iCLASS SE Reader Modules, iCLASS SE Processors, OMNIKEY 5427CK Readers, OMNIKEY 5127CK Readers, OMNIKEY 5023 Readers, and OMNIKEY 5027 Readers are affected.
    CVE ID: CVE-2024-22388 (Medium)

  • Vulnerability in HID Global's Equipment (06 Feb 2024)

    An improper authorization vulnerability has been discovered in HID Global's Equipment- Reader Configuration Cards. All versions of HID iCLASS SE reader configuration cards and OMNIKEY Secure Elements reader configuration cards are affected.
    CVE ID: CVE-2024-23806 (Medium)

  • Cisco Released Security Updates for Multiple Products (06 Feb 2024)

    Cisco has released security updates to address a Snort access control policy bypass vulnerability in multiple Cisco products. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2023-20246 (Medium)

  • VMware Security Updates (06 Feb 2024)

    VMware has released security updates to address multiple vulnerabilities in VMware Aria Operations for Networks. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-22237 (High), CVE-2024-22238 (Medium), CVE-2024-22239 (Medium), CVE-2024-22240 (Medium), CVE-2024-22241 (Medium)

  • Google Released Security Update for Chrome (06 Feb 2024)

    Google has released Chrome 121 (121.0.6167.164) for Android, Stable channel 121.0.6167.160 for Mac and Linux and 121.0.6167.160/161 for Windows, and Extended Stable channel 120.0.6099.283 for Windows and Mac.
    CVE ID: CVE-2024-1284 (High), CVE-2024-1283 (High)

  • SUSE Security Updates (06 Feb 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in JFinalCMS (06 Feb 2024)

    A SQL injection vulnerability has been discovered in JFinalCMS. The affected version is JFinalCMS 5.0.0.
    CVE ID: CVE-2024-24029 (Critical)

  • Vulnerability in CrateDB (06 Feb 2024)

    An authentication bypass vulnerability has been discovered in the Admin UI component of CrateDB. The affected version is CrateDB 5.5.1.
    CVE ID: CVE-2023-51982 (Critical)

  • Vulnerability in Wanhu ezOFFICE (05 Feb 2024)

    A SQL injection vulnerability has been discovered in Wanhu ezOFFICE. The affected version is Wanhu ezOFFICE 11.1.0.
    CVE ID: CVE-2024-1012 (Critical)

  • Vulnerability in openBI (05 Feb 2024)

    An unrestricted upload vulnerability has been discovered in openBI. The affected versions are openBI up to 1.0.8.
    CVE ID: CVE-2024-1036 (Critical)

  • Vulnerability in 'HTML5 Video Player' WordPress Plugin (05 Feb 2024)

    A SQL injection vulnerability has been discovered in the 'HTML5 Video Player' WordPress Plugin. The affected versions are 'HTML5 Video Player' WordPress Plugin prior to 2.5.25.
    CVE ID: CVE-2024-1061 (Critical)

  • Google Released Security Update for Chrome (05 Feb 2024)

    Google has released Beta channel OS version: 15699.54.0, Browser version: 121.0.6167.155 for most ChromeOS devices.

  • Android Security Updates (05 Feb 2024)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-02-05 or later address all of these issues.

  • Docker Security Updates (01 Feb 2024)

    Docker has released security updates to resolve multiple vulnerabilities in several products. The affected versions are runc 1.1.11 and below, BuildKit 0.12.4 and below, Moby (Docker Engine) 25.0.1 and below and 24.0.8 and below, and Docker Desktop 4.27.0 and below.
    CVE ID: CVE-2024-21626 (High), CVE-2024-23651 (High), CVE-2024-23652 (High), CVE-2024-23653 (High), CVE-2024-23650 (Medium), CVE-2024-24557 (Medium)

  • Multiple Vulnerabilities in Ivanti Products (01 Feb 2024)

    Privilege escalation and server-side request forgery vulnerabilities have been discovered in Ivanti Connect Secure, Ivanti Policy Secure and ZTA Gateways. All 9.x and 22.x versions of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA Gateways are affected. The patches and mitigations are available.
    CVE ID: CVE-2024-21888 (High), CVE-2024-21893 (High)

  • Vulnerability in AVEVA's Equipment (01 Feb 2024)

    An uncontrolled search path element vulnerability has been discovered in AVEVA's Equipment- AVEVA Edge products, aka InduSoft Web Studio, that results in arbitrary code execution and privilege escalation. The affected versions are AVEVA Edge 2020 R2 SP2 and prior. The mitigation is available.
    CVE ID: CVE-2023-6132 (High)

  • Microsoft Edge Security Updates (01 Feb 2024)

    Microsoft has released Microsoft Edge Stable Channel (Version 121.0.2277.98) and Microsoft Edge Extended Stable Channel (120.0.2210.167) to resolve a vulnerability.
    CVE ID: CVE-2024-21399 (High)

  • Multiple Vulnerabilities in Gessler GmbH's Equipment (01 Feb 2024)

    Multiple vulnerabilities have been discovered in Gessler GmbH's Equipment- WEB-MASTER. The affected version is WEB-MASTER 7.9. The mitigation is available.
    CVE ID: CVE-2024-1039 (Critical), CVE-2024-1040 (Medium)

  • Trend Micro Security Update for Trend Micro Apex Central (31 Jan 2024)

    Trend Micro has released a security update to address multiple vulnerabilities in Trend Micro Apex Central, Platform: Windows. The affected versions are Trend Micro Apex Central 2019 (On-prem builds before 6570).
    CVE ID: CVE-2023-52324 (Medium), CVE-2023-52325 (High), CVE-2023-52326 (Medium), CVE-2023-52327 (Medium), CVE-2023-52328 (Medium), CVE-2023-52329 (Medium), CVE-2023-52330 (Medium), CVE-2023-52331 (Critical)

  • Vulnerability in WebUI of Google Chrome (29 Jan 2024)

    An integer underflow vulnerability has been discovered in WebUI of Google Chrome, which allows heap corruption via a malicious file. The affected versions are WebUI of Google Chrome prior to 121.0.6167.85. Security updates are available.
    CVE ID: CVE-2024-0808 (Critical)

  • Vulnerability in Webkul Bundle Product (29 Jan 2024)

    A SQL injection vulnerability has been discovered in Webkul Bundle Product that allows arbitrary code execution. The affected version is Webkul Bundle Product 6.0.1.
    CVE ID: CVE-2023-51210 (Critical)

  • Vulnerability in TOTOLINK (29 Jan 2024)

    A stack overflow vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK A3700R_V9.1.2u.6165_20211012.
    CVE ID: CVE-2024-22662 (Critical)

  • Vulnerability in Fortra (29 Jan 2024)

    An authentication bypass vulnerability has been discovered in Fortra's GoAnywhere MFT. The affected versions are Fortra GoAnywhere MFT prior to 7.4.1.
    CVE ID: CVE-2024-0204 (Critical)

  • Vulnerability in darkhttpd (26 Jan 2024)

    An authentication bypass vulnerability has been discovered in darkhttpd. The affected versions are darkhttpd before 1.15.
    CVE ID: CVE-2024-23771 (Critical)

  • Vulnerability in OpenAPI loader for Embedchain (26 Jan 2024)

    An arbitrary code execution vulnerability has been discovered in OpenAPI loader for Embedchain. The affected versions are OpenAPI loader for Embedchain before 0.1.57.
    CVE ID: CVE-2024-23731 (Critical)

  • Vulnerability in Enonic XP (26 Jan 2024)

    A session fixation vulnerability has been discovered in Enonic XP. The affected versions are Enonic XP versions less than 7.7.4.
    CVE ID: CVE-2024-23679 (Critical)

  • Google Released Security Updates for Chrome (26 Jan 2024)

    Google has released LTC-120 version 120.0.6099.235 (Platform Version: 15662.76.0) for most ChromeOS devices.

  • Microsoft Edge Security Updates (25 Jan 2024)

    Microsoft Edge (Chromium-based) has released Microsoft Edge Stable Channel (Version 121.0.2277.83) and Microsoft Edge Extended Stable Channel (120.0.2210.160) to resolve an elevation of privilege vulnerability which can lead to a full compromise of the browser.
    CVE ID: CVE-2024-21326 (Critical)

  • Red Hat Security Updates (25 Jan 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Multiple Vulnerabilities in Jenkins (24 Jan 2024)

    Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
    CVE ID: CVE-2024-23897 (Critical), CVE-2024-23898 (High), CVE-2024-23899 (High), CVE-2024-23900 (Medium), CVE-2024-23901 (Medium), CVE-2024-23902 (Medium), CVE-2024-23903 (Low), CVE-2023-6148 (High), CVE-2023-6147 (High), CVE-2024-23905 (High), CVE-2024-23904 (High)

  • Cisco Released Security Updates for Cisco Small Business Series Switches (24 Jan 2024)

    Cisco has released security updates to resolve a bypass vulnerability in Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches.
    CVE ID: CVE-2024-20263 (Medium)

  • Cisco Released Security Updates for Cisco Unity Connection (24 Jan 2024)

    Cisco has released security updates to resolve a Cross Site Scripting (XSS) vulnerability in the web-based management interface of Cisco Unity Connection.
    CVE ID: CVE-2024-20305 (Medium)

  • Cisco Released Security Updates for Cisco Unified Communications and Contact Center Solutions products (24 Jan 2024)

    A critical vulnerability has been discovered in multiple Cisco Unified Communications and Contact Center Solutions products. Successful exploitation can allow arbitrary code execution on an affected device.
    CVE ID: CVE-2024-20253 (Critical)

  • Multiple Vulnerabilities in Jenkins Products (24 Jan 2024)

    Multiple vulnerabilities have been discovered in several Jenkins products which may lead to Remote Code Execution (RCE).
    CVE ID: CVE-2024-23897 (Critical), CVE-2024-23898 (High), CVE-2024-23899 (High), CVE-2024-23900 (Medium), CVE-2024-23901 (Medium), CVE-2024-23902 (Medium), CVE-2024-23903 (Low), CVE-2023-6148 (High), CVE-2023-6147 (High), CVE-2024-23905 (High), CVE-2024-23904 (High)

  • Google Released Security Updates for Chrome (24 Jan 2024)

    Google has released Chrome Beta 122 (122.0.6261.3) for iOS and Beta 122 (122.0.6261.5) for Android.

  • Multiple Vulnerabilities in Several IBM Products (24 Jan 2024)

    Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.

  • SUSE Security Updates (24 Jan 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Vulnerability in GitHub (23 Jan 2024)

    An unsafe reflection vulnerability has been discovered in GitHub Enterprise Server that can lead to reflection injection. All versions of GitHub Enterprise Server prior to 3.12 are affected.
    CVE ID: CVE-2024-0200 (Critical)

  • Vulnerability in Totolink (23 Jan 2024)

    A critical vulnerability has been discovered in Totolink that leads to improper access controls. The affected version is Totolink N350RT 9.3.5u.6265.
    CVE ID: CVE-2024-0570 (Critical)

  • Vulnerability in Intumit inc. SmartRobot (23 Jan 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Intumit inc. SmartRobot's web framework.
    CVE ID: CVE-2024-0552 (Critical)

  • Multiple Vulnerabilities in Voltronic Power's Equipment (23 Jan 2024)

    Multiple vulnerabilities have been discovered in Voltronic Power's Equipment- ViewPower Pro. The affected version is ViewPower Pro 2.0-22165.
    CVE ID: CVE-2023-51570 (Critical), CVE-2023-51571 (High), CVE-2023-51572 (Critical), CVE-2023-51573 (Critical)

  • Vulnerability in APsystems' Equipment (23 Jan 2024)

    An improper access control vulnerability has been discovered in APsystems' Equipment- Energy Communication Unit (ECU-C) Power Control Software. The affected versions are Energy Communication Unit Power Control Software: C1.2.2, v3.11.4, W2.1.NA, v4.1SAA and v4.1NA.
    CVE ID: CVE-2022-44037 (High)

  • Security Update for Crestron (23 Jan 2023)

    Crestron has released a security update to address an OS command injection vulnerability in its equipment- AM-300. The affected version is AM-300 1.4499.00018.
    CVE ID: CVE-2023-6926 (High)

  • Multiple Vulnerabilities in Westermo's Equipment (23 Jan 2024)

    Multiple vulnerabilities have been discovered in Westermo's equipment- Lynx 206-F2G. The affected versions are Lynx: Model Version L206-F2G1, and Lynx: Firmware Version 4.24. The mitigation is available.
    CVE ID: CVE-2023-40143 (Medium), CVE-2023-45222 (Medium), CVE-2023-45735 (High), CVE-2023-45213 (Medium), CVE-2023-42765 (Medium), CVE-2023-40544 (Medium), CVE-2023-38579 (High), CVE-2023-45227 (Medium)

  • Vulnerability in Lantronix's Equipment (23 Jan 2024)

    A weak encoding for password vulnerability has been discovered in Lantronix's Equipment- XPort. The affected version is XPort Device Server Configuration Manager 2.0.0.13.
    CVE ID: CVE-2023-7237 (Medium)

  • Vulnerability in Orthanc's Equipment (23 Jan 2024)

    A Cross Site Scripting (XSS) vulnerability has been discovered in Orthanc's Equipment- Osimis Web Viewer. The affected version is Osimis WebViewer 1.4.2.0-9d9eff4. The mitigation is available.
    CVE ID: CVE-2023-7238 (High)

  • Vulnerability in TOTOlink (17 Jan 2024)

    A Remote Command Execution (RCE) vulnerability has been discovered in TOTOlink. The affected version is TOTOlink EX1200T V4.1.2cu.5232_B20210713. 
    CVE ID: CVE-2023-52032 (Critical)

  • Vulnerability in D-Link (17 Jan 2024)

    An arbitrary code execution vulnerability has been discovered in D-Link. The affected version is D-Link dir815 v.1.01SSb08.bin. 
    CVE ID: CVE-2023-51123 (Critical)

  • Vulnerability in Wuzhicms (17 Jan 2024)

    A SQL injection vulnerability has been discovered in Wuzhicms. The affected version is Wuzhicms v4.1.0. 
    CVE ID: CVE-2023-52064 (Critical)

  • Vulnerability in FLIR AX8 (17 Jan 2024)

    A command injection vulnerability has been discovered in FLIR AX8. The affected versions are FLIR AX8 up to 1.46.16. 
    CVE ID: CVE-2023-51126 (Critical)

  • Vulnerability in Redis (17 Jan 2024)

    An integer overflow vulnerability has been discovered in Redis that leads to heap overflow and potential Remote Code Execution (RCE). Security updates are available.
    CVE ID: CVE-2023-41056 (Critical)

  • Microsoft Edge Security Update (17 Jan 2024)

    Microsoft has released Microsoft Edge Stable Channel (Version 120.0.2210.144) to resolve a vulnerability.
    CVE ID: CVE-2024-0519

  • Google Released Security Update for Chrome (17 Jan 2024)

    Google has released Chrome Stable 121 (121.0.6167.66) for iOS, Chrome Beta 121 (121.0.6167.71) for Android, Stable channel 121.0.6167.75 for Windows and Mac, and Beta channel 121.0.6167.75 for Windows, Mac and Linux.

  • Trend Micro Security Update for Trend Micro Deep Security (16 Jan 2024)

    Trend Micro has released a security update to address local privilege escalation vulnerabilities in Trend Micro Deep Security Agent, Platform: Windows. The affected version is Trend Micro Deep Security Agent (Including Cloud One - Endpoint and Workload Security) 20.0.
    CVE ID: CVE-2023-52337 (High), CVE-2023-52338 (High)

  • Vulnerability in soxft TimeMail (16 Jan 2024)

    A SQL injection vulnerability has been discovered in soxft TimeMail. The affected versions are soxft TimeMail up to 1.1.
    CVE ID: CVE-2024-0344 (Critical)

  • VMware Security Updates (16 Jan 2024)

    VMware has released security updates to address a missing access control vulnerability in VMware Aria Automation & VMware Cloud Foundation. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2023-34063 (Critical)

  • Red Hat Security Updates (16 Jan 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • GitLab Security Updates (12 Jan 2024)

    GitLab has released updated versions 16.7.3, 16.6.5, and 16.5.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).

  • Multiple Vulnerabilities in Several NetApp Products (12 Jan 2024)

    Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. 
    CVE ID: CVE-2023-26031 (High), CVE-2023-29258 (High), CVE-2023-45178 (High), CVE-2023-45287 (High), CVE-2023-46167 (High), CVE-2023-6337 (High), CVE-2023-6534 (High), CVE-2023-7104 (High)

  • Vulnerability in Tenda (12 Jan 2024)

    A stack overflow vulnerability has been discovered in Tenda AX1803. The affected version is Tenda AX1803 v1.0.0.1.
    CVE ID: CVE-2023-51970 (Critical)

  • Vulnerability in Tenda (12 Jan 2024)

    A command injection vulnerability has been discovered in Tenda AX1803. The affected version is Tenda AX1803 v1.0.0.1.
    CVE ID: CVE-2023-51972 (Critical)

  • Vulnerability in Tenda A18 (12 Jan 2024)

    A stack overflow vulnerability has been discovered in Tenda A18. The affected version is Tenda A18 v15.13.07.09.
    CVE ID: CVE-2023-50585 (Critical)

  • Cisco Released Security Update for Cisco TelePresence Management Suite (12 Jan 2024)

    Cisco has released a security update to address multiple vulnerabilities in Cisco TelePresence Management Suite. The affected versions are Cisco TelePresence Management Suite earlier than 15.13.6.
    CVE ID: CVE-2023-20248, CVE-2023-20249

  • Google Released Security Update for Chrome (12 Jan 2024)

    Google has released LTC-120 version 120.0.6099.203 (Platform Version: 15662.64.3) for most ChromeOS devices. 

  • Vulnerability in TRENDnet (12 Jan 2024)

    A stack overflow vulnerability has been discovered in TRENDnet that leads to arbitrary command execution. The affected version is TRENDnet TV-IP1314PI 5.5.3 200714.
    CVE ID: CVE-2023-49236 (Critical)

  • CVE - KB Correlation (12 Jan 2024)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during January 2024.

  • Microsoft Edge Security Update (11 Jan 2024)

    Microsoft has released Microsoft Edge Stable Channel (Version 120.0.2210.133) to resolve vulnerabilities.
    CVE ID: CVE-2024-21337 (Medium), CVE-2024-20709, CVE-2024-20721, CVE-2024-20675 (Medium)

  • Apple Security Update (11 Jan 2024)

    Apple has released a security update to address a session management vulnerability in Magic Keyboard Firmware.
    CVE ID: CVE-2024-0230

  • Vulnerability in Totolink (11 Jan 2024)

    A buffer overflow vulnerability has been discovered in Totolink X2000R. The affected version is Totolink X2000R 1.0.0-B20221212.1452.
    CVE ID: CVE-2023-7222 (Critical)

  • Vulnerability in NetScout nGeniusOne (11 Jan 2024)

    An arbitrary code execution vulnerability that causes Denial of Service (DoS) has been discovered in NetScout nGeniusOne. The affected version is NetScout nGeniusOne v.6.3.4.
    CVE ID: CVE-2023-26999 (Critical)

  • Vulnerability in GitHub Repository gpac/gpac (11 Jan 2024)

    An out of bounds read vulnerability has been discovered in the GitHub repository gpac/gpac. The affected versions are GitHub repository gpac/gpac prior to 2.3-DEV.
    CVE ID: CVE-2024-0322 (Critical)

  • Vulnerability in GitHub Repository gpac/gpac (11 Jan 2024)

    A stack based buffer overflow vulnerability has been discovered in the GitHub repository gpac/gpac. The affected versions are GitHub repository gpac/gpac prior to 2.3-DEV.
    CVE ID: CVE-2024-0321 (Critical)

  • Vulnerability in Youke365 (11 Jan 2024)

    A Server Side Request Forgery (SSRF) vulnerability has been discovered in Youke365. The affected versions are Youke365 up to 1.5.3.
    CVE ID: CVE-2024-0304 (Critical)

  • Vulnerability in DeDeCMS (11 Jan 2024)

    A vulnerability has been discovered in DeDeCMS that leads to unrestricted uploading. The affected versions are DeDeCMS up to 5.7.112.
    CVE ID: CVE-2023-7212 (Critical)

  • Multiple Vulnerabilities in Rapid Software LLC's Equipment (11 Jan 2024)

    Multiple vulnerabilities have been discovered in Rapid Software LLC's Equipment- Rapid SCADA. The affected versions are Rapid SCADA 5.8.4 and prior.
    CVE ID: CVE-2024-21852 (High), CVE-2024-22096 (Medium), CVE-2024-22016 (High), CVE-2024-21794 (Medium), CVE-2024-21764 (Critical), CVE-2024-21869 (Medium), CVE-2024-21866 (Medium)

  • Vulnerability in Horner Automation's Equipment (11 Jan 2024)

    A stack based buffer overflow vulnerability has been discovered in Horner Automation's Equipment- Cscape that allows arbitrary code execution. The affected versions are Cscape 9.90 SP10 and prior.
    CVE ID: CVE-2023-7206 (High)

  • Google Released Security Updates for Chrome (11 Jan 2024)

    Google has released Dev channel 122.0.6226.0 (Platform version: 15739.0.0) for most ChromeOS devices, Chrome Dev 122 (122.0.6238.3) for Android and Dev channel 122.0.6238.2 for Windows, Mac & Linux.

  • Juniper Released Security Updates (10 Jan 2024)

    Juniper has released security updates to address a missing release of memory after effective lifetime vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved that can cause a Denial of Service (DoS) condition.
    CVE ID: CVE-2024-21611 (High)

  • Vulnerability in Lotos WebServer (10 Jan 2024)

    A use after free vulnerability has been discovered in Lotos WebServer. The affected versions are Lotos WebServer through 0.1.1.
    CVE ID: CVE-2024-22088 (Critical)

  • Vulnerability in Tenda (10 Jan 2024)

    A Remote Code Execution (RCE) vulnerability has been discovered in Tenda AX3. The affected version is Tenda AX3 v16.03.12.11.
    CVE ID: CVE-2023-51812 (Critical)

  • Vulnerability in Jizhicms (10 Jan 2024)

    An arbitrary file download vulnerability has been discovered in Jizhicms. The affected version is Jizhicms v2.5.
    CVE ID: CVE-2023-51154 (Critical)

  • Vulnerability in Arcserve UDP (10 Jan 2024)

    A path traversal vulnerability has been discovered in Arcserve UDP. The affected versions are Arcserve UDP prior to 9.2. 
    CVE ID: CVE-2023-42000 (Critical)

  • Multiple Vulnerabilities in Ivanti Products (10 Jan 2024)

    Authentication bypass and command injection vulnerabilities have been discovered in Ivanti Connect Secure and Ivanti Policy Secure Gateways. All 9.x and 22.x versions of Ivanti Connect Secure and Ivanti Policy Secure Gateways are affected. The mitigation is available.
    CVE ID: CVE-2023-46805 (High), CVE-2024-21887 (Critical)

  • Cisco Released Security Updates for Cisco Unity Connection (10 Jan 2024)

    Cisco has released security updates to address an unauthenticated arbitrary file upload vulnerability in Cisco Unity Connection. An attacker can exploit this vulnerability to take control of an affected system.
    CVE ID: CVE-2024-20272 (Critical)

  • Multiple Vulnerabilities in Cisco Products (10 Jan 2024)

    Multiple vulnerabilities have been discovered in several Cisco products. Security updates are available.
    CVE ID: CVE-2024-20710 (Medium), CVE-2024-20711 (Medium), CVE-2024-20712 (Medium), CVE-2024-20713 (Medium), CVE-2024-20714 (Medium), CVE-2024-20715 (Medium)

  • Drupal Security Update (10 Jan 2024)

    Drupal has released security updates to address a Cross Site Scripting (XSS) vulnerability in Typogrify, a third-party library used in it.

  • Drupal Security Update (10 Jan 2024)

    Drupal has released security updates to address the Cross Site Scripting (XSS) and access bypass vulnerabilities in File entity, a third-party library used in it.

  • Google Released Security Updates for Chrome (10 Jan 2024)

    Google has released Beta channel 121.0.6167.57 for Windows, Mac & Linux, Chrome Beta 121 (121.0.6167.56) for iOS, Beta channel OS version: 15699.29.0, Browser version: 121.0.6167.49 for most ChromeOS devices, Chrome Beta 121 (121.0.6167.57) for Android and LTS channel 114.0.5735.346 (Platform Version: 15437.84.0) for most ChromeOS devices to resolve multiple vulnerabilities.
    CVE ID: CVE-2023-7024 (High), CVE-2023-5197 (High), CVE-2023-5851 (Medium), CVE-2023-5852 (Medium), CVE-2023-5855 (Medium)

  • Trend Micro Security Updates for Trend Micro Apex One (09 Jan 2024)

    Trend Micro has released security updates to address local privilege escalation vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service, Platform: Windows. The affected versions are Trend Micro Apex One 2019 (On-prem) and Trend Micro Apex One as a Service SaaS.
    CVE ID: CVE-2023-52090 (High), CVE-2023-52091 (High), CVE-2023-52092 (High), CVE-2023-52093 (High), CVE-2023-52094 (High)

  • Multiple Vulnerabilities in Siemens Products (09 Jan 2024)

    Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
    CVE ID: CVE-2023-49621 (Critical), CVE-2023-51438 (Critical), CVE-2023-45871 (Critical), CVE-2023-45853 (Critical)

  • SAP Released January 2024 Security Notes (09 Jan 2024)

    SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2023-49583 (Critical), CVE-2023-49583 (Critical), CVE-2023-50422 (Critical), CVE-2023-49583 (Critical), CVE-2023-50422 (Critical), CVE-2023-50423 (Critical), CVE-2023-50424 (Critical)

  • Microsoft Released December 2023 Security Updates (09 Jan 2024)

    Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-0057 (Critical), CVE-2024-20674 (Critical)

  • Adobe Released Security Updates (09 Jan 2024)

    Adobe has released security updates to address multiple vulnerabilities in Adobe Substance 3D Stager. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2024-20710 (Medium), CVE-2024-20711 (Medium), CVE-2024-20712 (Medium), CVE-2024-20713 (Medium), CVE-2024-20714 (Medium), CVE-2024-20715 (Medium)

  • Multiple Vulnerabilities in Fortinet Products (09 Jan 2024)

    An improper privilege management vulnerability has been discovered in FortiOS and FortiProxy. The affected versions are FortiOS 7.4, FortiOS 7.2, and FortiProxy 7.4. Security updates are available. 
    CVE ID: CVE-2023-44250 (High)

  • Google Released Security Updates for Chrome (09 Jan 2024)

    Google has released Chrome 120 (120.0.6099.210) for Android, and Stable channel 120.0.6099.216 for Mac and Linux and 120.0.6099.216/217 for Windows to resolve a vulnerability.
    CVE ID: CVE-2024-0333 (High)

  • Schneider Electric's Security Updates (09 Jan 2024)

    Schneider Electric has released security updates to address a deserialization of untrusted data vulnerability in the Easergy Studio product. The affected versions are Easergy Studio prior to v9.3.5.
    CVE ID: CVE-2023-7032 (High)

  • Terrapin SSH Attack in PAN-OS (09 Jan 2024)

    A vulnerability has been discovered in PAN-OS software that allows an attacker to intercept SSH traffic on the PAN-OS management network, enabling Machine in the Middle (MitM) attacks.
    CVE ID: CVE-2023-48795

  • Vulnerability in spider-flow (08 Jan 2024)

    A code injection vulnerability has been discovered in spider-flow. The affected version is spider-flow 0.4.3.
    CVE ID: CVE-2024-0195 (Critical)

  • Vulnerability in SpringBlade (08 Jan 2024)

    A privilege escalation vulnerability has been discovered in SpringBlade. The affected versions are SpringBlade v.3.7.0 and before.
    CVE ID: CVE-2023-47458 (Critical)

  • Google Released Security Updates for Chrome (08 Jan 2024)

    Google has released Stable channel 120.0.6099.203 (Platform version: 15662.64.0) for most ChromeOS devices to resolve multiple vulnerabilities.
    CVE ID: CVE-2023-7024 (High), CVE-2023-6508 (High), CVE-2023-6509 (High), CVE-2023-6511 (Low), CVE-2023-39191 (Medium)

  • Vulnerability in Presslabs Theme (05 Jan 2024)

    A deserialization of untrusted data vulnerability has been discovered in Presslabs Theme per user. The affected versions are Theme per user: from n/a through 1.0.1.
    CVE ID: CVE-2023-52181 (Critical) 

  • Vulnerability in TOTOLINK (05 Jan 2024)

    A Remote Command Execution (RCE) vulnerability has been discovered in TOTOLINK X6000R. The affected version is TOTOLINK X6000R v9.4.0cu.852_B20230719.
    CVE ID: CVE-2023-50651 (Critical)

  • Vulnerability in TOTOLINK X2000R Gh (05 Jan 2024)

    A stack overflow vulnerability has been discovered in TOTOLINK X2000R Gh. The affected version is TOTOLINK X2000R Gh v1.0.0-B20230221.0948.
    CVE ID: CVE-2023-51136 (Critical)

  • Vulnerability in Grupo Embras GEOSIAP ERP (05 Jan 2024)

    A SQL injection vulnerability has been discovered in Grupo Embras GEOSIAP ERP. The affected version is Grupo Embras GEOSIAP ERP v2.2.167.02.
    CVE ID: CVE-2023-50589 (Critical)

  • Vulnerability in jeecg-boot (05 Jan 2024)

    A Server Side Template Injection (SSTI) vulnerability has been discovered in jeecg-boot that allows an attacker to execute arbitrary code via a crafted HTTP request. The affected version is jeecg-boot version 3.5.3.
    CVE ID: CVE-2023-41544 (Critical)

  • Google Released Security Updates for Chrome (05 Jan 2024)

    Google has released Dev channel 122.0.6226.2 for Windows, Mac & Linux and Chrome Dev 122 (122.0.6225.0) for Android.

  • Microsoft Edge Security Updates (05 Jan 2024)

    Microsoft has released Microsoft Edge Stable Channel (Version 120.0.2210.121) to resolve vulnerabilities.
    CVE ID: CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222

  • Multiple Vulnerabilities in Several IBM Products (05 Jan 2024)

    Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2023-2976 (Medium), CVE-2020-36518 (High), CVE-2022-42004 (Medium), CVE-2022-42003 (Medium)

  • SUSE Security Updates (04 Jan 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (04 Jan 2024)

    Google has released Chrome Beta 121 (121.0.6167.48) for iOS, Beta channel 121.0.6167.47 for Windows, Mac and Linux, Chrome Beta 121 (121.0.6167.47) for Android and Dev channel OS version: 15699.25.0, Browser version: 121.0.6167.40 for most ChromeOS devices.

  • Red Hat Security Updates (04 Jan 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Android Security Updates (03 Jan 2024)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-01-05 or later address all of these issues.

  • ASUS Security Update (03 Jan 2024)

    ASUS has released a security update to address a vulnerability in the Armoury Crate App.
    CVE ID: CVE-2023-5716

  • Android Security Updates (03 Jan 2024)

    Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-01-05 or later address all of these issues.

  • SUSE Security Updates (03 Jan 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Google Released Security Updates for Chrome (03 Jan 2024)

    Google has released Chrome 120 (120.0.6099.193) for Android and Stable channel 120.0.6099.199 for Mac & Linux and 120.0.6099.199/200 for Windows to resolve multiple vulnerabilities. 
    CVE ID: CVE-2024-0222 (High), CVE-2024-0223 (High), CVE-2024-0224 (High), CVE-2024-0225 (High)

  • Multiple Vulnerabilities in Several IBM Products (03 Jan 2024)

    Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available.

  • Multiple Vulnerabilities in Several IBM Products (02 Jan 2024)

    Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.

  • Multiple Vulnerabilities in MediaTek Products (02 Jan 2024)

    Multiple vulnerabilities have been discovered in MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi, TV, Computer Vision and Audio chipsets.
    CVE ID: CVE-2023-32872 (High), CVE-2023-32874 (High), CVE-2023-32875 (Medium), CVE-2023-32876 (Medium), CVE-2023-32877 (Medium), CVE-2023-32878 (Medium), CVE-2023-32879 (Medium), CVE-2023-32880 (Medium), CVE-2023-32881 (Medium), CVE-2023-32882 (Medium), CVE-2023-32883 (Medium), CVE-2023-32884 (Medium), CVE-2023-32885 (Medium), CVE-2023-32886 (Medium), CVE-2023-32887 (Medium), CVE-2023-32888 (Medium), CVE-2023-32889 (Medium), CVE-2023-32890 (Medium), CVE-2023-32831 (Medium), CVE-2023-32891 (Medium)

  • SUSE Security Updates (02 Jan 2024)

    SUSE has released security updates to resolve multiple vulnerabilities in several products.

  • Red Hat Security Updates (02 Jan 2024)

    Red Hat has released security updates to address multiple vulnerabilities in several products.

  • Qualcomm Security Update (02 Jan 2024)

    Qualcomm has released a security bulletin to resolve multiple vulnerabilities affecting several devices.
    CVE ID: CVE-2023-33032 (Critical), CVE-2023-33030 (Critical), CVE-2023-33025 (Critical)

  • Multiple Vulnerabilities in Several IBM Products (01 Jan 2024)

    Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2023-44483 (Medium), CVE-2023-44487 (High), CVE-2023-46158 (Medium), CVE-2023-45857 (High), CVE-2021-28165 (High), CVE-2020-27216 (High)
